Security spotlight
The inaugural Interop New York show will center on security and how government regulations will affect network design and operations. PAGE 8.

Beyond Microsoft's Group Policy
When Microsoft’s technology isn’t enough, you need to look at third-party tools, an analysis of our Clear Choice testing shows. PAGE 56.

Hawking the hybrid
Users say cost savings, new features of hybrid TDM/IP PBXs outweigh wholesale IP-only upgrades. PAGE 21.
MANAGEMENT TEST

HP wins our test of network management framework


Assessing  Skype’s 
network  impact 


BY  EDWIN  MIER,  DAVID  MIER  AND 
ANTHONY  MOSCO,  NETWORK 
WORLD  TEST  ALLIANCE 

If you’re worried about Skype creating a security problem for your network, don’t, because the free VoIP service poses little danger to an enterprise network. That’s a good thing, because it’s just about impossible to keep Skype out of your network if end users are determined to run it.

That’s the conclusion we reached after testing multiple versions of Skype for several weeks in our independent test lab.

Skype is inscrutable and mysterious. It uses indecipherable encryption. It dynamically morphs traffic characteristics. It can work through virtually any network address translation (NAT)-based firewall. Few of these operational aspects are published (see what is published in the official “Skype Guide for Network Administrators” at www.networkworld.com, DocFinder: 1246).


Face-Off: Is Skype ready for the enterprise? Network World Lab Alliance member Rodney Thayer cites security concerns, but Lab Alliance colleague James Gaskin says Skype solves more problems than it creates. Page 42.


And with more than 4 million online users at any given time, one can assume that Skype has permeated many enterprise networks.

Our testing began with capturing and analyzing network traffic while downloading Skype 1.4 (the current version) and a beta version of Skype 2.0 onto various

See  Skype,  page  76 


Cisco  seeks  to 
control  your  apps 


BY  PHIL  HOCHMUTH  AND  DENISE  DUBIE 

SAN JOSE — Cisco wants a central role in your service-oriented architecture plans, and is proceeding in that direction, whether its partners like it or not.

Cisco last week used its World Wide Analyst Conference to cast itself as a services and applications vendor, unveiling a broad strategy for tying all its enterprise technology into a services model. To that end, Cisco is expected this week to announce a set of software tools aimed at letting customers monitor and measure application performance on a network — a far leap from its history of selling hardware and pushing packets.

The new products, and the company’s Services Oriented Network Architecture (SONA) plan, promise to reduce corporate costs and move customers toward virtualized services, including security, voice, mobility applications, management, processing and storage — with the network as the common facet.

Some observers say Cisco’s moves put it on a collision course with most of its key application-related

See  Cisco,  page  16 


What’s  behind 
on-demand 
software’s  rise 


BY  JOHN  FONTANA 

Corporate IT is being drawn to the concept of software delivered as a service and its promise of less maintenance and lower operational costs. Vendors are responding with innovations and commitments to offer the model of hosted application services.

Software-as-a-service is a model of delivering software over the Internet, eliminating the need for companies to buy, build, manage and maintain infrastructure and applications. The concept has its roots in the application service provider (ASP) revolution that fizzled in the late 1990s, but it is now white-hot with its promised IT benefits and is putting pressure on vendors of traditional shrink-wrapped software.

Two recent surveys show that corporations are betting that software-as-a-service is a part of their future.

A survey released in November by AMR Research shows that more than 78% of 500

See  Software-as-a-service,  page  14 
Living on virtually

A late industry analyst’s life is celebrated online.

BY NEAL WEINBERG

The ancient Egyptians built pyramids to honor and remember their dead. In the Internet age, we build Web sites.

Take Terry Shannon, for example. The influential technology industry analyst and writer died on May 26, but a half-year later his own Web site (www.shannonknowshpc.com) lives on as a permanent memorial where friends from all over the world continue to post remembrances, condolences and words of comfort to his family.

Shannon was best known for his uncanny ability to find out what was happening inside Digital Equipment Corp. (DEC). For many years, he wrote under the name Charlie Mateo, “the invisible person who was

See  Shannon,  page  74 
7 EMC unveils new support services.

8  New  York  Interop  show  to  highlight  security. 

10  Wireless  LAN  products  undergo  facelifts. 

10  ISS  adds  behavior-based  protection  to  IPS. 

10  Security  company  touts  new  approach  on  insider  threat. 
12  Consortium  forms  to  address  security. 

12  Anti-spyware,  anti-virus  on  collision  course? 

16  Appliances  squeeze  data  onto  Fibre  Channel  SANs. 

17  On-demand  CRM  a  moving  target  at  SAP. 

18  Cingular  rolls  out  3G  service. 

18 PostX boosts e-mail authentication management.


Net  Infrastructure 

21  Users:  Hybrid  PBXs  work. 

21  Adorno  offers  speech  recognition. 

22  IronPort  launches  SMB  e-mail 
gateway. 

24  SPECIAL  FOCUS:  Managing 
security  weaknesses  no  easy  task. 

Enterprise  Computing 

27  Managed  backup,  recovery  heats 
up. 

27  Dave  Kearns:  Fun  makes  10 
years  fly. 

Application  Services 

29  Sierra  Pacific  taps  open  source 
management  tools. 

29  Novell  adds  self-service  to 
provisioning  tools. 

30  Scott  Bradner:  A  new  face  not 

unlike  the  old? 

Service  Providers 

33  Illinois  project  saves  millions. 

33  New  service  to  help  ISPs  to 
monitor  'Net. 

35  Johna  Till  Johnson:  Take  a 
portfolio.

Technology Update

37 Jini builds foundation for SOA.

37  Steve  Blass:  Ask  Dr.  Internet. 

40  Mark  Gibbs:  A  good  tool  to 
manage  e-mail. 

40  Keith  Shaw:  Cool  tools,  gizmos 
and  other  neat  stuff. 


Opinions 

44  On  Technology:  What  doesn’t 
kill  you  makes  you  stronger,  right? 

45  Nick  Lippis:  Is  Avaya  poised  for 
a  breakaway? 

45  Christopher  Sloop:  The  facts 
about  WeatherBug. 

78  BackSpin:  Avoiding  the  Gray 
Area  Problem. 

78 Net Buzz: TopTenSources looking to get a grip on 'citizen media'.


Management 

Strategies 

65  How  to  buy  storage:  An  expert 
offers  best  practices  for  purchasing 
storage,  from  drives  to  SANs. 


COOLTOOLS 


The  Mega  Travel  Drive  lets 
you  carry  files  with  you  and 
plugs  into  a  USB  port  on  your 
computer.  Page  49. 
The wild world of wikis, Weblogs, podcasts and RSS feeds: What the busy network executive needs to know about avoiding information overload. Page 46.

Face-Off: Is Skype ready for the enterprise? Network World Lab Alliance member Rodney Thayer cites security concerns, but Lab Alliance colleague James Gaskin says Skype solves more problems than it creates. Page 42.

Clear Choice Test: HP OpenView wins our test of network management framework tools. Page 50.

Clear Choice Analysis: When Microsoft's Group Policy isn’t enough, you need to look at third-party tools. Page 56.


Online 


www.networkworld.com 


Available  only  on  NetworkWorld.com 


Network  World  ITVideo 

The  Hot  Seat  with  John  Gallant: 

Is  there  a  better  way  to  manage  the 
data  center  through  virtualization? 
Egenera's  Pete  Manca,  vice  president 
of  engineering,  gets  in  the  Hot  Seat 
to  prove  his  company's  virtualization 
software  is  the  way  to  go. 

DocFinder:  1236 

Cool Tools: Oakley Thump 2 MP3 sunglasses

Editor  Keith  Shaw  gets  the  lowdown 
on  Oakley's  newest  MP3/sunglasses 
line  from  engineer  Colin  Smith. 

DocFinder:  1237 

Network  Life 

In our latest issue, available as an ezine: why thinking like an IT guy at home will save you money and frustration; the inside scoop on who’s battling over your home network; how to defend your home net against rootkits and malware; and more. DocFinder: 1238

Cool  Yule  Tools  Holiday  Gift  Guide 

We’ve  reviewed  more  than  100  high- 
tech  products  you'll  want  to  give  to 
your  friends,  family  or  yourself. 

DocFinder:  9834 

Network  World  Radio  Podcast:  The 
GPL  road  map 

Senior  Editor  Phil  Hochmuth  talks  with 
Peter  Brown,  the  executive  director  of 
the  Free  Software  Foundation,  about 
the  road  map  for  General  Public 
License.  DocFinder:  1239 


Online  help  and  advice 

Branch  Office  Best  Practices 
Knowing  what’s  out  yonder 

Columnist  Robin  Gareiss  shows  you 
how  to  identify  and  categorize  your 
branch  offices. 

DocFinder:  1240 

HomeLAN  Adventures 

Are  networked  media  servers  all 

that?  Part  2 

Editor  Keith  Shaw  says  MediaReady 
5000’s  uncooked  software  and  user 
interfaces  failed  to  deliver. 

DocFinder:  1241 


Small  Business  Tech 
Calendar  cleanup 

Columnist James Gaskin gives you a technology reminder to-do list to tackle in 2006. DocFinder: 1242

IT Borderlands

Thanks, Overly Paranoid Software Consulting

Columnist Ken Fasimpaur looks at the "remora-like monstrosity" that are the legalese boilerplate disclaimers run amok on vendor e-mail.

DocFinder: 1243


Seminars  and  events 


Sector  Spotlight: 

Healthcare 

Healthcare's  storage  needs  soar. 

Electronic  medical  records  generate  many  terabytes  of  data 
that  need  to  be  retained.  Page  58. 


In 2006, we’re launching a brand new style of event, Network World Live: IT Roadmap Conference & Expo. This event brings the pages of Network World magazine to life — delivering the distinctive editorial insight, in-depth product reviews and thought-provoking industry analysis you’ve grown to expect from our award-winning magazine, newsletters and Web site.
Gartner urges caution on BlackBerry

■ Companies should halt business-critical deployments of BlackBerry devices and investments until its maker, Research in Motion, clarifies its legal position with regard to its patent tussle with NTP, Gartner advises. The market research and consulting firm issued its recommendation after a federal judge’s decision opened the door to a possible injunction that would stop sales of BlackBerry mobile e-mail devices and shut down BlackBerry service in the United States. Four Gartner analysts published a research brief last week alerting current and prospective enterprise RIM customers to “stop or delay all mission-critical BlackBerry deployments and investments in the platform until RIM’s legal position is clarified.” Gartner is also advising customers to pressure RIM into making public its work-around plans for preventing disruption to its service while bypassing the patents in question. RIM did not reply to requests for comment.

The Good The Bad The Ugly

Battery boost. The Wi-Fi Alliance last week began attacking one of the main problems with wireless LAN phones by certifying features to extend battery life. The industry group is adding a label it calls WMM (Wireless Multimedia) Power Save, which identifies products that have reduced the power needed to use multimedia applications over WLANs.

Changes at Wikipedia. The community-edited Wikipedia online encyclopedia is now requiring people to register before submitting stories after it ran a piece recently that falsely implicated a man in the Kennedy assassination, according to Associated Press. People can still edit stories without registering.

Nature isn't the only thing calling. More and more Americans are logging on wirelessly to the Internet ... from their bathrooms. That’s one of the nuggets from this year's Internet Report by the University of Southern California Annenberg School Center for the Digital Future. Over half of those using home wireless used it from the bathroom, according to the report.
“A lot of the software that gets written in the world is going to get written in Asia ... because that’s where the people are with the skills. We’d love to see more people graduate in computer science here in the United States, but the trend is not a good one.”

Steve  Ballmer,  Microsoft  CEO,  speaking  to  technology  executives  last  week  in  Washington,  D.C. 

See  story  at  www.networkworld.com,  DocFinder:  1245. 


IEEE  approves  mobile  WiMAX 

■ The standard for broadband wireless technology known as mobile WiMAX has been approved. Mobile WiMAX networks will let customers wirelessly access the Internet anywhere they may be in a city. The IEEE ratified the 802.16e standard, also called mobile WiMAX, according to Roger Marks, chair of the 802.16 working group. The standard should enable vendors to build equipment that interoperates with gear from other vendors. But approval of the standard is only one step in the process of delivering services to customers. “The standard being ratified is one thing, and the WiMAX Forum having tested conforming products is another,” says Ian Keene, a research vice president with Gartner. He expects certified mobile WiMAX products to become available near the end of 2006. After that, operators will have to build the networks before customers can take advantage of the service.

Intel  working  on  rootkit  detection 

■ Intel is working on a research project that would immediately notify PC users if they inadvertently download a rootkit like the XCP (extended copy protection) software found on certain music CDs shipped by Sony, researchers said last week. Rootkits are pieces of software designed to access a system and make changes or implement policies without being detected by the operating system or anti-virus software. Security experts say malicious hackers might have used Sony’s rootkit software to launch undetectable attacks. The idea behind the Intel project is to protect systems from malicious programs that make their way onto a system and attack application software running in the system’s memory. The project is tentatively scheduled to become part of Intel’s products around 2008 or 2009.

Data  breach  law  takes  effect  in  N.Y. 

■ New York has joined the growing list of U.S. states requiring that companies notify their customers whenever private information has been compromised. Last week, the state’s Information Security Breach and Notification Act went into effect, according to a spokeswoman for the state’s attorney general, Eliot Spitzer. The law, which is similar to California’s SB-1386 notification law, requires businesses and state agencies to inform New York residents “whose unencrypted personal information may have been acquired by an unauthorized person.” Since California’s notification law was passed, it has brought dozens of information security breaches to light and put computer security and privacy in the public spotlight. The first company to disclose a security breach under the California law, information vendor ChoicePoint, recently took a $6 million charge for legal expenses and fees related to the theft of personal information belonging to 145,000 consumers that had been stored in its database.


“Nah,  nah,  it’s  cool. 
Ummm...dude,  the 
game  is  called  ‘Reboot 
Racer’  —  trust  me  ...” 

Russell  Skingsley  of  Hanoi  wins  big 
across  several  time  zones  this  week. 
Check  in  every  Monday  for  the  starts 
of  a  new  contest. 

www.networkworld.com/weblogs/layer8 
EMC expands support services portfolio

EMC WebSupport

WebSupport is part of the EMC PowerLink extranet, which also includes a variety of other support offerings.

Support offering | Features
EMC Knowledgebase | Repository of solutions to problems.
Issue Tracker | Issues reported by EMC customers and engineers; problems/fixes/resolution.
E-Lab Navigator | Interoperability matrix for EMC and other vendors' gear.
Document Library | A repository of downloadable EMC support documents.
Software downloads | Latest product patches and enhancements.

BY  DENI  CONNOR 

EMC announced last week a variety of new and expanded support services.

The new offerings will include:

• Enhanced EMC WebSupport, which lets customers create support cases online, track them and receive notification of their progress or resolution.

• Expanded Certified Data Erasure services, in which EMC provides for the erasure and certification of data on IBM and Hitachi Data Systems arrays, as well as its own Symmetrix and Clariion arrays.

• New services for EMC’s ControlCenter, Documentum and Networker products.

• Enhanced Secure Remote Support services.

• A secure support service for government agencies.

• The opening of an additional Global Support Center.


“We are announcing a series of industry standards that will continue to provide excellent flexibility and choice for secure support provided by EMC, [and] we’re providing greater customer and product-specific technical knowledge, in order to accelerate resolution and information availability,” said Leo Colborne, senior vice president for Global Customer Service at EMC, during a conference call with analysts. Journalists were not invited to participate, although Network World did gain access to a recording of it. EMC declined to comment, though issued a press release Friday.

While analysts wouldn’t comment on the specifics of the announcement either, one did address the importance of services programs.

“As product portfolios have continued to improve across the board, services — both proactive and high-end consulting — will continue to be an important area of differentiation for vendors,” says Tony Prigmore, senior analyst at Enterprise Strategy Group.

EMC WebSupport will now allow customers to create problem resolution cases online rather than through a support call to EMC. Once the case is created, customers can track the progress of the case and receive notice from EMC on its progress or resolution. The expanded WebSupport will allow EMC to more accurately identify the components of a customer’s environment and securely send and receive log files from customers pertaining to the problem at hand.

Customers can query cases or the times their EMC gear automatically dialed EMC support to report problems — dial home incidents. They then can save those searches for future reference.

The Certified Data Erasure Service allows customers to be compliant with government and industry regulations regarding the disposal of digital data. The present service lets EMC technicians erase drive data on EMC Symmetrix and Clariion arrays and certify that erasure has been completed. The service is being expanded to include erasure of IBM and Hitachi Data System arrays that are attached to mainframes. EMC is evaluating the capability to erase IBM and Hitachi equipment attached to open systems host computers. The company also expects to handle the erasure of individual drives in
See  EMC,  page  14 
Security issues to dominate Interop

BY TIM GREENE AND PHIL HOCHMUTH

As Interop New York opens its doors for the first time this week, the focus will be on security and the effect of government regulations on network design and operations.

Vendors, including Avaya, Aventail and Lockdown Networks, are using the show as a platform to launch new security products, and the keynote list has been revised to add a talk on security services.

AT&T pulled President David Dorman from the list of speakers and replaced him with the company’s chief information security officer Ed Amoroso, who plans to outline AT&T’s road map for corporate security services. “The corporation wants to stress security,” a spokeswoman said, but declined to say whether Amoroso will announce new services.

The heightened interest in keeping networks safe stems in part from increasing government and industry regulations that make business executives more responsible for data security, says Allan Carey, an analyst with IDC, whose report on security has just been released. The study, called “2005 Global Information Security Workforce,” finds that about 21% of CEOs now bear ultimate responsibility for information security, up from about 12% last year.

High-profile thefts of personal customer information and the use of computer forensics to uncover corporate wrongdoing are prompting business executives to seek training in these technologies, Carey says. “Shifts in attacks, tactics and [attack] vectors require security professionals to fine-tune existing skills and learn new techniques,” the study says (see graphic).

Theft of student information is a top concern of the U.S. Merchant Marine Academy in Hunts Point, N.Y., says the school’s CIO Howard Weiner. The problem is compounded by the use of laptops by the roughly 1,000 undergraduates, who take their machines with them when they travel around the world during their year at sea. “They come back severely compromised,” Weiner says.

To address these problems, the school beta-tested access-control gear from Lockdown Networks that will be announced at Interop.

New software for its Enforcer appliance makes it possible to carry out network security policies on smaller and smaller switches, giving security executives tighter control of each machine on the network.

Enforcer can impose access policies via unmanaged hubs and switches, not just via switches that are networked under a unified management system.

The gear first checks that computers meet security configuration policies before they are admitted to the network, and then controls what resources they are allowed to reach by enforcing policies at switch ports.

The appliance has dramatically cleaned up student computers at the Merchant Marine Academy, Weiner says. Enforcer security scans found more than 4,000 infections that could turn the student laptops into slaves on bot nets, he says.

Non-tech  execs  seek  knowledge 

This trend toward non-technical executives seeking IT knowledge is reflected by the makeup of people pre-registered for the show, says Lenny Heyman, the general manager for Interop. The list of attendees shows that 45% of those registered hold general business titles, not technical titles, he says.

Growing security concerns also include keeping businesses up and running in the face of terrorism or natural disasters, Carey says.

For instance, the American Red Cross relied on VoIP phones to set up emergency aid offices in its efforts to help after Hurricane Katrina, says David Craig, chief engineer for the agency’s response technology unit in Washington, D.C. It used beta versions of Avaya IP phone software — to be announced at Interop — that supports secure IPSec VPN connections for phone calls.

Security needs

Security is a major theme at Interop this week, and as a new IDC study finds, it holds a top priority for corporate executives, who say these are the 10 areas where they need more training:

1. Business continuity and disaster recovery.
2. Forensics.
3. Information risk management.
4. Auditing.
5. Security management.
6. Access control.
7. Law, investigations and ethics.
8. Security for applications and systems development.
9. Code of practice for information security (ISO/IEC 17799).
10. Security architecture and models.

This made it possible to deploy the phones wherever Red Cross workers found Internet connections, Craig says.

The phones tunneled securely over the Internet to an IP PBX that Avaya provided for the emergency, he says, and switched calls through the PBX to the public phone network. The same technology can enable distributed call centers, where agents work at home, without having to issue separate VPN appliances for each worker.

The VPN support is key for punching a call through corporate firewalls to PBXs, Craig says, because it eliminates the need to make the firewall VoIP-aware. Removing the firewall and exposing an IP PBX to the Internet would also expose it to denial-of-service attacks and to hijackers who would try to make calls on it for free, he says.

For businesses that want to secure Web conferencing as well as VoIP chat, Aventail plans to announce at Interop an appliance that supplements its SSL VPN gear.

The Aventail Secure Collaboration appliance sets up Web conferences on the fly and protects them via SSL supported by a separate Aventail SSL VPN appliance. The appliance also supports instant messaging.

Protecting Web application servers from attack is another security concern that will be addressed by Coyote Point with its announcement of a new application front-end appliance that includes a Web application firewall as a software option.

The hardware would be deployed in a data center or server farm in front of Web or application servers. Offloading tasks such as compression, SSL acceleration and other features allows users to reduce processing load on servers and make applications run more efficiently.

Add-on hardware and software modules include bandwidth management and traffic prioritization; HTTP application compression; SSL acceleration (as many as 10,000 transactions per second); packet filtering for protecting data-center applications; and an SNMP module for managing the device remotely.

The New York Interop is an attempt at a comeback. The East Coast edition of Interop, held in Atlanta, folded in 2002, leaving only spring Interop in Las Vegas. But that put Interop out of reach for half the country, Heyman says. For example, at the Las Vegas show earlier this year, 79% of the attendees were from the West Coast. Of those registered to attend the New York show, 84% are from east of the Mississippi.

The scale of the New York show is a far cry from the old Interop Atlanta, which at its peak drew 50,000 attendees and more than 400 exhibitors. New York organizers are promising a turnout of 5,000, and the show Web site lists about 140 exhibitors.

Heyman acknowledges that sandwiching the show between Thanksgiving and Christmas is not the best timing, but that was the only slot available when organizers decided to give it a go earlier this year.

That may have kept some exhibitors away. Cisco, for example, has no presence at the show. Next year the show will be held in September, when people are more likely to free up time to attend, he says. ■


WLAN  products 
undergo  facelift 

BY  JOHN  COX 

Three wireless LAN vendors are releasing software upgrades that add features for intrusion detection, radio frequency management and wireless VoIP.

The changes are part of the evolution of enterprise WLANs, which includes giving network administrators more sophisticated management tools and better tuning of the WLAN infrastructure to deal with voice traffic.

AirDefense this week plans to introduce AirDefense Enterprise 7.0, which through new technology can be used to collect and store historical data to more accurately distinguish between routine and potentially dangerous activities.

The offering, which combines radio sensors, a rack-mounted security appliance and systems software, has been reworked to incorporate a very fast, custom-built data storage facility, instead of an external SQL database.

The new data store, dubbed Intelli, can collect and manage data on about 250 variables per minute for each wireless client and access point on the WLAN. Variables include signal strength, historical record of typical signal strength, the encryption being used, details on the devices, what clients are associated with a given access point, and so on. For each device, the 7.0 release can store as much as 200 days’ worth of data.

When a new device is detected on the WLAN, the AirDefense product can now collect a mass of data on the device’s behavior and features, and compare that with the patterns of comparable nearby access points or clients. Algorithms use real-time data combined with

See  Wireless  LAN,  page  74 


ISS adds protection based on behavior

BY  ELLEN  MESSMER 

Internet Security Systems has added a behavior-based malware-detection engine to its gateway intrusion-prevention system called the Proventia Network Integrated Security Appliance.

The Proventia appliance, formerly called the Proventia M line, already used signature-based anti-virus detection from Sophos to detect and block known viruses, says Leslie Horachek, ISS product marketing manager. But in an effort to block worm and virus outbreaks in the minutes before they are identified and given a specific signature, ISS is including a behavior-based blocking method to stop attacks based on code activity.

“It virtualizes the environment to trick the code to perform,” Horachek says. “The technology watches to see if Outlook is being opened, for instance, or other behavior. Malware writers are not very creative, and they keep rewriting old pieces of code, so we can recognize a lot of it.”

Proventia provides options for receiving alerts or blocking perceived attacks. ISS says its internal testing has shown the appliance’s behavior-based detection to be effective in automatically blocking 97% of the viruses that appeared this year. ISS says this is the same behavior blocking used in its client-security IPS product, Proventia Desktop.

A variety of behavior-based blocking products has been introduced over the past few years, including those from TippingPoint (acquired by 3Com), Sana Security, Determina, Bit9, WholeSecurity (acquired by Symantec) and Okena (acquired by Cisco).

The Proventia Network Integrated Security Appliance ranges in cost from $1,546 to $15,000. ■
Balance sought between security, use

Papers  from  academia  and  government  presented  at  Arizona  conference. 


BY  JENNIFER  MEARS 

TUCSON, Ariz. — As networks and digital data see increased attacks, and government regulations hold corporations to stricter standards when it comes to information security, network executives are looking for ways to balance the need for security with the demand for IT flexibility.

That was an underlying theme at last week’s Computer Security Applications Conference, which brought together security experts from academia, government and industry to share the latest research and practices in information security. Topics covered secure-access technologies, vulnerability assessment and managing a secure IT environment.

While IT executives may be familiar with security conferences held by the Computer Security Institute or RSA Security, many may not be familiar with the Computer Security Applications Conference, which held its 21st annual gathering in Tucson, Ariz.

The conference features selected research papers submitted primarily by academic and government sectors.

About 200 people attended the event, mostly from government and academia; 175 attended last year. The number of papers submitted also grew, from 135 last year to roughly 200 in 2005, said Dan Thomsen, conference chair and a lead analyst at consultancy Cyber Defense Agency.

“The papers come out with good innovative ideas that people are actually using to build technology that’s working,” he says. “What we do here is let other people hear about these efforts, not only other researchers, but also people in companies and in the government.”

Marcus White, a Unix systems administrator with Bechtel-Nevada, a joint venture of Bechtel and Lockheed Martin, came to the event for the first time after hearing about it from a colleague.

“I’m here to see what’s out there and see the direction of where security is heading. I’m also here to hear about Linux,” said White, who is based in Washington, D.C.

Bechtel-Nevada runs Red Hat’s Linux distribution, which includes the National Security Agency-based Security Enhanced Linux. The growing threat of malicious code, Trojans and viruses coupled with an increasing demand for tighter security and control means the search for better security is ongoing, White said.

“Just in November we noticed a fivefold increase in the number of viruses we are seeing,” said White, who was listening to a session discussing the use of IPSec for access control in Linux-based networks.

“The issue with security is if you put in too much security, it’s too cumbersome and restrictive,” he said. “What I’m seeing here is people are trying to find a balance between security and usability.”

Finding that balance is the key to a successful security strategy, Thomsen said.

“The biggest skill a security person has is a finely tuned sense of paranoia,” he said. “You can’t be too paranoid so you lock everything up and get nothing done. You have to know what security technology will allow you to get your corporate mission done.”

Jim Czyzewski, senior IS specialist at the MidMichigan Medical Center in Midland, Mich., admits that his organization “had a false sense of security” when it came to patching. Its network had never been breached.

But in October 2003, the Welchia worm hit its network of about 1,700 Windows-based desktops in facilities spread across five counties. That brought IT operations to a standstill for three days as a staff of 13 addressed the problem, spending more than a half-hour at each infected workstation. The network was hit again the following March by the same worm, putting the search for a patch-management product into high gear, said Czyzewski, who presented a case study of his experience at the conference.

Today, MidMichigan uses patch-management technology from PatchLink to manage and deploy patches and to keep track of the vulnerability status of each system in its network. ■


Security company touts new approach on insider threat

BY CARA GARRETSON

Oakley Networks, which has been selling its technology for information-leakage detection and prevention to government agencies for five years, plans to release this week a product that also can be used by non-government entities.

The product, SureView, takes what the company says is a new approach to blocking insider threats by working at the application-event level, such as when a file is printed or saved. That differs from other companies’ products that work at the network level.

SureView, which consists of a tamperproof appliance and agents deployed on desktops, is designed to prevent sensitive or proprietary information leaks through real-time monitoring of end-user activity and collecting event data from applications, says Oakley Networks’ CEO Derek Smith.

Those applications include e-mail, Web mail, instant messaging, VoIP programs, browsers, Microsoft Office products, as well as information saved on USB storage devices, CDs and DVDs, or data that is printed or encrypted, he says.

Event data fed to SureView is analyzed against policies, both predefined and those set by an enterprise, to flag any violations. For example, if an employee in the finance department who normally works Monday through Friday from 9 a.m. until 5 p.m. unexpectedly comes in on a Sunday morning and starts printing documents, that would likely be a policy violation, Smith says.

If a breach is encountered, SureView sets off alarms; administrators can use the Replay in Context feature that offers a “videolike view” into user activities, including keystrokes, mouse movements, documents opened and Web sites visited.

SureView’s agents also let administrators monitor and analyze data before it is encrypted, or hidden, protecting enterprises from an insider’s intent to pass sensitive information outside the company network, Smith says.

Oakley has decided to enter the commercial market because of the heightened awareness over the past year among enterprises of insider threats, Smith says. “We think there’s really been a mind shift on the part of corporate America that they need to get out in front of this problem,” he says.

There are other ways that enterprises can protect against insider threats, such as tightening the controls around identity management and taking advantage of encryption, says Trent Henry, senior analyst with Burton Group. But, as is often true with security, enterprises may want to layer multiple leakage detection and prevention efforts to improve protection.

“The technology is definitely strong and can be effective; it comes down to how enterprises end up deploying this along with a number of other security protections,” Henry says.

SureView is priced starting at $100,000. That covers the cost of the appliance and agents for 100 users, as well as consulting support. ■

Vital stats:

Headquarters: Salt Lake City
Employees: 125
Founded: 2001
CEO: Derek Smith
Finances: Privately held; investors include Kleiner, Perkins, Caufield & Byers
Competitors: Vontu, Vericept


Consortium takes on security issues

BY ELLEN MESSMER

Chief information security officers can have a difficult time fighting for budget dollars, because detailing the business ROI of buying a security product is far different from buying a Web portal.

This week a group called the Application Security Industry Consortium (AppSIC) will debut, with the goal of changing that situation by offering ways to measure security ROI and apply metrics to buying security products.

Security Innovation heads up AppSIC, which was founded by 14 vendors, analysts and companies that buy, sell and use products (see graphic). The consortium includes rivals such as Microsoft, Red Hat, Oracle and SAP.

Herbert Thompson, the consortium’s chair and director of security technology at Security Innovation, says AppSIC members will meet monthly to exchange ideas and vet papers to be issued under the AppSIC imprimatur.

“For instance, we’ll publish the top 10 questions I’d need to ask my vendor on software security before I buy and the kinds of answers you should expect,” Thompson says. “And we’re going to help enterprises factor in security in their budgets, as well as help IT development groups increase software security.”

Many say the need to get a better grip on what security ROI means is clearly there.

“As a CISO, you have to give up being a geek and become a business manager,” says Rolf Moulton, interim president and CEO of the 40,000-member organization International Information Systems Security Certification Consortium (ISC2).

ISC2 last week released a survey of more than 4,000 security professionals that indicates the CISO is increasingly expected to interact with upper management. Management wants security expressed, not in technical terms but as risk management, Moulton says.

It’s easier to express the security ROI of security services, because a managed service can be defended as an economical alternative to buying software, says Andrew Krcik, vice president of marketing at PGP.

“The problem with security is, you are spending money to try and prevent bad from happening,” says Doug Jacobson, director of Iowa State University’s Information Assurance Center. “It often doesn’t add to the bottom line on the balance sheet, unlike other IT acquisitions where you add more computing power, more network bandwidth, more storage, which are easier to justify.”

Thompson says AppSIC is open to all comers and there’s no membership fee to join. ■


Anti-spyware, anti-virus on collision course?

BY ELLEN MESSMER

A software vendor’s new technique for snuffing out spyware is raising questions over whether products such as it could crash computers by clashing with anti-virus tools that have used such methods for a decade.

Aluria announced it has added what it calls Active Defense Shield to its software to intercept files and detect and eradicate spyware before it resides on a machine.

This type of anti-malware technique is known as kernel-driver or on-access scanning. Many anti-virus vendors have embraced the method because it opens a file to wipe out malware before it lands.

But the drawback is that if two or more vendors’ products try to scan at once, the machine can crash.

As the new guys on the block, anti-spyware vendors have held back from using this scanning technique in order not to be accused of interfering with anti-virus scans. But with anti-virus vendors now pursuing the fast-growing anti-spyware market as well, pressure is on anti-spyware specialists to improve their products whatever way they can.

Aluria, which IDC says owns 7.5% of the approximately $97 million anti-spyware market, has tested its software on computers running anti-spyware and claims its scanning technique will not interfere with others’.

But participants in the $3 billion anti-virus market are not so confident.

Joseph Telafici, director of operations at McAfee’s Avert Labs research arm, says on-access scanning is part of virtually all anti-virus products today and helps explain why corporations do not try to run more than one anti-virus product on the desktop at the same time. “It’s not pretty,” he says. “It’ll lock up the system and crash it.”

McAfee will use on-access scanning, Telafici notes. McAfee also sells anti-spyware software as an add-on to its anti-virus software.

Vincent Weafer, senior director of Symantec security response, says it is quite likely a customer would experience compatibility issues, whether the scanner is for anti-virus or anti-spyware.

“We wouldn’t recommend running two on-access scanners,” he says.

Symantec’s anti-spyware and anti-virus products use the same kernel-level drivers. “They’re one set of scanners and one set of agents,” Weafer says.

Anti-spyware vendor Webroot doesn’t use kernel-driver scanning to intercept files but plans to add that to its anti-spyware products in the first half of next year. Webroot’s technique scans files as they are loaded into memory so that spyware is prevented from running, says Mike Greene, director of product management. “We have the foundation to move into kernel-level detection,” he adds.

Greene says collisions between scanning software can present a problem, which could be solved if the industry came up with a technique to recognize a secure handoff to a second scan.

If collisions between anti-spyware and anti-virus products become a noticeable problem, the result might be to push buyers toward a single vendor for both.

Some anti-virus vendors girding for the anti-spyware battle acknowledge that possibility as a potential endgame.

“There’s no co-existence problem using our products,” McAfee’s Telafici notes.

Sam Curry, vice president of product management for eTrust Solutions at Computer Associates, says the company’s anti-spyware software does not yet use on-access scanning, though the anti-spyware SDK it licenses to developers does, and it has been tested to coexist with many anti-virus products. ■


Learning to share

Although anti-virus vendors have not made it a priority to find ways to coexist on the desktop, they do share virus specimens in a timely way. This makes their products virtually identical in what they catch.

Such a sharing practice does not exist in the anti-spyware industry.

“With the spyware vendors, a lot of people are hoarding,” says Joseph Telafici, director of operations at McAfee’s Avert Labs research arm. “They jealously guard their samples.”

The consequence, he says, is that anti-spyware products are vastly different. He believes that none of them catch more than 80% of potential spyware threats.

Some anti-spyware vendors defend this hoarding practice.

“If I have all the samples to share and you have nothing to trade, why should I open up on this?” says Mike Greene, director of product management at Webroot.

— Ellen Messmer
Software-as-a-service

continued from page 1

respondents across major vertical industries and company sizes are currently using or considering software-as-a-service. Only 18% said they have no plans to consider software-as-a-service.

In an October survey of 118 IT professionals by Cutter Consortium, an IT advisory firm, 65% of respondents said they were using or considering software-as-a-service, while 35% said they are not considering it. Of the 34% who are considering adopting software-as-a-service, 82% said they plan to do it in the next six to 12 months.

The most popular applications under consideration are CRM, salesforce automation, ERP, human resources management and supply chain management.

“Users are saying I would be nutty not to at least give [software-as-a-service] strong consideration going forward,” says Bill Gannon, vice president of consulting for AMR. “Whether they do it is another item, but upwards of 60% of customers are saying to get on my short list, software-as-a-service is one of the key criteria I am looking for. What they are saying is they recognize all the promised benefits of decreased cycle time, faster time to value, lower cost per user, lower [total cost of ownership], not to mention the change in the economic model from a capitalized expenditure to a manageable [monthly] expense.”

Software-as-a-service

A survey by IT advisory firm Cutter Consortium conducted in September/October asked 118 professionals if they were using software-as-a-service.

Users  who  have  made  the  jump 
are  satisfied  not  only  with  the 
applications  but  with  the  concept. 


Service providers

There is a growing list of companies specializing in software-as-a-service. Also, major vendors such as Oracle, IBM, Microsoft and SAP are focusing on this model of application delivery.

Vendor: Focus
24SevenOffice: ERP/CRM for small businesses.
BlueRoads Software: Channel CRM.
eProject: Project management tools.
Journyx: Time-sheet tracking software for payroll, billing, accounting and project management.
NetSuite: NetCRM, NetERP, NetCommerce; founded by Oracle's Larry Ellison.
OpenAir: Professional services automation.
RightNow Technologies: RightNow CRM includes sales, service and marketing.
Salesforce.com: CRM applications, and just-introduced hosted test environment.
Taleo: Talent/workforce management software.
Writely: Word processing application, not an enterprise offering, yet.

“We don’t want to invest in a lot of software. We have in the past and now it is shelfware because it did not work for a variety of reasons,” says Ed Barrett, vice president of marketing for CareRehab, a medical device manufacturer in McLean, Va., with some 80 salespeople spread across the country. He says ROI has been faster because the upfront costs are lower. “In our case we only need to improve inventory management by 5% and we pay for the application.”

Barrett also says CareRehab is not interested in its five-person IT staff being high-tech experts, and he uses himself as an example: “I am the primary administrator of the system and I’m a marketing guy. It is unusual for me to have the capabilities to help manage our sales and inventory and be a marketing guy.”

CareRehab uses software from Salesforce.com, an online CRM-centric platform CareRehab has customized to handle its need to track inventory, which is scattered in clinics across the country.

Salesforce.com is the current poster child of corporate software-as-a-service, having grown its customer base by nearly 1,100% in the past four years to 351,000 subscribers. The service, with a base price of $65 per user, per year, counts ADP (5,500 seats), SunTrust Bank (2,500) and Staples (1,500) among its large customers.

This week, Salesforce.com is adding to its platform with Sandbox, which provides customers a complete replica of their Salesforce deployment for development, testing and training.

“What we are seeing is our customers are deploying Salesforce way beyond our historical heritage, including applications they have built themselves using our tools and applications they have loaded on our platform from third parties,” says Phill Robinson, senior vice president of marketing for Salesforce.com. Robinson says software-as-a-service is the next shift in computing, in which the traditional client/server marketplace consolidates and “where vendors are struggling to grow and they are buying one another.”

Oracle is an example, having purchased J.D. Edwards, PeopleSoft and more recently Siebel and its Siebel CRM OnDemand. In October, a seven-page memo written by Microsoft CTO Ray Ozzie to company executives outlined the company’s challenges and missed opportunities in regard to software-as-a-service. IBM touts itself as the on-demand company and SAP is increasing commitments to hosted services.

Consumer-focused services from companies such as Google, eBay and Amazon show the software-as-a-service model can scale. Those vendors are being followed by a growing list of smaller vendors with corporate- and consumer-focused services (see chart, above). The cost benefits of software-as-a-service also extend to these innovative start-ups.

“It doesn’t take $5 million to start like it did in the ASP business; it takes $100,000,” says Sam Schillace, co-founder of Writely. “Things are cheaper now and you can experiment. One server can handle a couple hundred thousand users.”

The money trail leads to venture capitalists who are seeding the market.

“Venture firms across the U.S. are spending less time looking at and funding companies with traditional software models. With that said, they are spending a lot of time looking at companies that are delivering services to enterprises in the form of [software-as-a-service],” says Gus Tai, general partner with Trinity Ventures.

The willingness of corporate users to embrace software-as-a-service is fueling interest as much as venture capital money.

In the Cutter survey, 86% of respondents said they expected to use software-as-a-service to generate costs savings. And those respondents cited other benefits, such as greater ROI (27%), smaller staff required (24%), improved reliability and performance (21%), quicker/easier deployments (18%), and systematic upgrades and updates (8%).

Why is software-as-a-service finding its legs now, after it failed in the ASP days? From a technology standpoint, Asynchronous JavaScript and XML (AJAX) and Asynchronous Flash and XML are making browser-based applications more desktop-like.

“There is no [user interface] being fetched from the server; it is all data,” says Ross Dargahi, co-founder and vice president of engineering for Zimbra, which uses AJAX to support the client in its server-based collaboration tools. In the ASP model, users fetched a new page from the server with each click.

Also, the software of today is designed with a multi-tenant architecture, which allows one application to serve multiple companies instead of an ASP hosting one copy of the application for each company. Users also can customize applications today, build entirely new applications on the hosted platform or integrate hosted applications with other applications using Web services APIs.

The near-anywhere access and speed provided by wireless and broadband have dramatically improved access and performance.

Users are not without concerns. In the AMR survey, among those using or considering software-as-a-service, the top three risks were protection of corporate data/information, putting strategic information outside the firewall and integration with on-premises solutions.

But  adoption  and  interest  levels 
show  those  concerns  are  fading. 

“The traditional enterprise application will transfer online,” says Denis Pombriant, managing partner of Beagle Research Group. “What you are viewing is the early stages of a disruptive technology. End users will say ‘Why are we paying so much for this [software] when I can get it for a nickel?’” ■


an  array  in  the  second  quarter  of  next  year. 

The company will also announce The Gateway, which is an IP-based remote monitoring and support service for all EMC storage arrays. The Gateway provides authentication, authorization, audit capabilities and encryption, providing customers with greater security and control over storage environments.

Also featured will be a series of support options for government agencies, which includes 24/7 access to U.S.-based support engineers, a dedicated phone line and case management queues that are segmented from the general-support queues. The company says 60 public sector agencies participate in the program.

Further, EMC will enhance the services it offers to EMC ControlCenter, Documentum and Legato Networker customers. The upgraded services will include a designated support engineer who can remotely monitor the customer’s environment, an onsite support engineer who specializes in these applications and is available to the customer four times a year, and priority onsite support for faster troubleshooting and problem resolution.

Finally, EMC has opened a new technical support facility in Hopkinton, Mass., where 120 support engineers will process customer calls and resolve problems. ■
Cisco gets app smart

Part of Cisco's move into applications and services includes its latest Network Application Performance Analysis (NAPA) product push. Elements of NAPA include:

Product: Application Assurance Solution (AAS)
What it does: Software that uses distributed-agent technology to capture application packets, network metrics and traffic data to perform deep-dive analysis on specific network and/or application performance problems.
Availability: This month

Product: Network Planning Solution (NPS)
What it does: Software that collects data from network components to provide a view of the network to perform capacity planning and determine network readiness for new application rollouts, such as VoIP.
Availability: This month

Product: Bandwidth Quality Appliance (BQA)
What it does: An appliance, today coupled with Cisco Advanced Services, installed near WAN links to provide information regarding bandwidth use and application traffic over the wide area.
Availability: This month

Product: Performance Visibility Manager (PVM)
What it does: Software that collects data via NetFlow, SNMP and other protocols to provide a high-level view of network and application performance.
Availability: Beta in January 2006; general in March 2006

Note: Pricing not yet available for any of these offerings.


Cisco 
partners: IBM, Microsoft, HP and CA. Analysts say this type of toe-stepping and outright clashing is one of the biggest challenges for Cisco as it asserts its role in applications and SOA beyond its perceived image as a provider of network pipes.

In a series of presentations from Cisco execs last week, the company continued its mantra of 2005, that the network is the strategic center for where IT intelligence should reside in enterprises.

“The network will evolve into the platform” on which enterprises will build IT intelligence and application services, Cisco CEO John Chambers told a group of 400 financial and industry analysts. He emphasized the growing SOA approaches companies are planning as the key driver for Cisco. “It’s the first time in history that technology advances are determining the future business strategies of companies.”

To that end, Charles Giancarlo, Cisco’s chief development officer, identified Application Network Services (ANS) as Cisco’s next Advanced Technology — or potential $1 billion annual revenue stream. ANS wraps all of Cisco’s application-focused technologies under one umbrella — Layer 4-7 switching, WAN optimization, application acceleration and its Application Oriented Networking (AON) technologies around XML and SOA.

In a broader sense, ANS will be part of Cisco’s amorphous SONA strategy. SONA will encompass all of Cisco’s enterprise technologies — wired network infrastructure, voice, applications, security and mobility. Giancarlo said the SONA initiative will be on the level of past major Cisco initiatives, such as Cisco Blue — where IBM and Cisco network technologies were blended — and the company’s late 1990s AVVID push for voice, video and data convergence.

“It’s one of the first real restructurings of the way computers operate in the past several decades,” he said.

The idea behind SONA is to pool servers, storage, processing and applications, with the network layer acting as an intelligence fabric tying everything together.

With this, IT “becomes just a bunch of processors and disks,” tied together with intelligent network gear. Hardware and services virtualization will rely heavily on Cisco’s new data-center and storage technologies, such as its TopSpin-based InfiniBand gear, as well as its AON technologies that accelerate XML and Web services traffic. The promise is that customers moving to SOA can save money and complexity by moving parts of SOA technology into the network — such as some tasks done by middleware and other server-based applications.

Reception of the strategy by analysts was mixed, as many said the details were unclear about how Cisco routers and switches equate to Web services and SOA. Cisco also must tread with caution, observers said, as it seems likely the vendor will clash with key partners the more it emphasizes the network intelligence over server intelligence.

“If you’re going to promote SONA as a solution to SOA migration, you sort of have to describe how you’re doing the SOA migration part of it,” says Thomas Nolle, president of telecom consulting company CIMI. “The problem with Cisco having an SOA strategy is that unless they articulate it razor sharp, it’s going to look like a threat to their partners,” he says.

Already  vendors  that  have  close 
allegiances  and  partnerships  with 
Cisco  are  girding  for  tough  new 
competition  from  a  friend. 

“Cisco says they can take care of XML and HTML all inside the network, but why can’t that be done right in the server chipset?” says Frank Dzubeck, president of Communication Network Architects. This is happening on the other side, he says, as Intel recently acquired Sarvega, a maker of XML acceleration chips, and IBM bought DataPower, which makes hardware and software for accelerating XML and SOA traffic.

“The gray area is getting darker and darker and wider and wider,” in terms of what roles Cisco’s SONA plays and what roles SOA efforts by IBM, HP, Microsoft and others play in enterprise architectures, Dzubeck adds.

“It’s  a  philosophy  issue,”  he  says, 
“you  have  to  decide  whether  the 
network  should  be  the  center  of 
the  IT  universe,”  as  opposed  to  the 
applications  and  tools  normally 
provided  by  IT  vendors. 

The first real volley in such a fight could come with Cisco’s expected launch of its Network Application Performance Analysis (NAPA) products. NAPA uses technology acquired with Sheer Networks, OEM licenses with Opnet and Corvil, and in-house technologies. Cisco built four products that the company says will better identify application-performance issues for network managers. The tools also will make it easier to pinpoint the network cause of the application slowdown. The four products work independently but also are more tightly integrated to work together, Cisco says.

“Cisco is sending a clear message to the market that they are very serious about getting into network- and application-performance management,” says George Hamilton, a senior analyst with The Yankee Group. “This is a direct shot at the HP OpenView, IBM [Tivoli Enterprise Console] and other traditional management tools out there. Cisco put a lot of resources behind this internally.”

In the short term, Cisco products that alert network managers about application performance could help performance-management software makers InfoVista, NetQoS and NetScout. Each goes to great lengths to incorporate knowledge of Cisco gear into its software. With Cisco providing its own standards-based management tools, it will be easier for vendors to manage Cisco networks without having to overhaul their software, Hamilton says.

But the push is not without its challenges. For example, Cisco may have to sell to systems administrators, as application performance in many IT shops is directly linked to specific servers.

“Cisco is a huge networking equipment vendor, and trying to change that mind-set in the market will be tough to do,” Hamilton says. “Cisco wants to position the network as the platform for data center automation going forward.” ■


Appliance  squeezes  data 
onto  Fibre  Channel  SANs 


BY  DENI  CONNOR 

Data Domain plans to roll out this week a gateway designed to make storing data on Fibre Channel storage-area networks more cost-efficient by compressing it.

The company’s DD460g Enterprise Restorer appliance sits between Gigabit Ethernet server networks and Fibre Channel SANs and intercepts data. It segments incoming data, identifies it and compares it with data that has been previously stored. If incoming data is a duplicate of what has been stored, it is not stored, but a reference is created. If the data is unique, it is further compressed with Zip-style algorithms.

“If you’ve already invested heavily in SAN storage, you may want to use it as the back-up target,” says Tony Asaro, senior analyst with the Enterprise Strategy Group. “Using the Data Domain appliance, it’s pretty inexpensive to just add another shelf of drives.”

Asaro says in his organization’s tests of Data Domain, compression ratios were seen to improve over time. When data is first backed up, users can expect to see a 4-to-1 compression ratio. As more full backups are done, that ratio will increase to 10-to-1 and then to as much as 20-to-1, as more duplicate data is found, Asaro says.
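
The store-a-reference-instead-of-a-duplicate behavior described above, and why the ratio climbs as full backups repeat, as an added sketch that is not Data Domain's code. Fixed-size segments, SHA-256 fingerprints, zlib and the constructed sample data are all assumptions; the article says only that data is segmented, compared with what is stored and compressed with Zip-style algorithms.

```python
import hashlib
import random
import zlib

SEGMENT_SIZE = 4096  # assumption: fixed-size segments (the article gives no size)


class DedupStore:
    """Toy segment store: one compressed copy per unique segment."""

    def __init__(self, segment_size=SEGMENT_SIZE):
        self.segment_size = segment_size
        self.segments = {}       # fingerprint -> zlib-compressed segment
        self.logical_bytes = 0   # bytes the backup jobs sent
        self.physical_bytes = 0  # bytes actually written to the store

    def backup(self, data: bytes) -> list:
        """Store one backup stream; return its recipe (ordered fingerprints)."""
        recipe = []
        for off in range(0, len(data), self.segment_size):
            seg = data[off:off + self.segment_size]
            fp = hashlib.sha256(seg).digest()  # assumption: SHA-256 identifies a segment
            if fp not in self.segments:
                # Unique data: compress it and write it once.
                packed = zlib.compress(seg)
                self.segments[fp] = packed
                self.physical_bytes += len(packed)
            # Duplicate data costs only the reference kept in the recipe.
            recipe.append(fp)
            self.logical_bytes += len(seg)
        return recipe

    def restore(self, recipe) -> bytes:
        """Rebuild a backup stream from its recipe."""
        return b"".join(zlib.decompress(self.segments[fp]) for fp in recipe)

    def ratio(self) -> float:
        """Logical bytes received divided by physical bytes stored."""
        if not self.physical_bytes:
            return 0.0
        return self.logical_bytes / self.physical_bytes


def make_dataset(rng, n_segments=256):
    """Constructed sample data: compressible text-like records."""
    words = [b"invoice", b"customer", b"order", b"ledger", b"backup", b"payroll"]
    out = bytearray()
    while len(out) < n_segments * SEGMENT_SIZE:
        out += rng.choice(words) + b" %08d\n" % rng.randrange(10**8)
    return out[:n_segments * SEGMENT_SIZE]


def simulate_full_backups(nights=5, seed=2005):
    """Run nightly full backups of slowly changing data; return the ratio per night."""
    rng = random.Random(seed)
    data = make_dataset(rng)
    store = DedupStore()
    ratios = []
    for _ in range(nights):
        snapshot = bytes(data)
        recipe = store.backup(snapshot)
        if store.restore(recipe) != snapshot:
            raise RuntimeError("restore does not match the backed-up data")
        ratios.append(round(store.ratio(), 2))
        # Between backups, overwrite a few segments in place (small daily change).
        for _ in range(4):
            seg = rng.randrange(len(data) // SEGMENT_SIZE)
            data[seg * SEGMENT_SIZE:(seg + 1) * SEGMENT_SIZE] = make_dataset(rng, 1)
    return ratios


if __name__ == "__main__":
    for night, r in enumerate(simulate_full_backups(), start=1):
        print(f"full backup {night}: {r}-to-1")
```

The first backup gains only from compression; every later full backup adds mostly references, so the ratio rises with each run. The absolute figures depend on the constructed data and are not a reproduction of the ratios quoted in the article.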

The DD460g Enterprise Restorer offers storage capacities ranging from 15T to 200TB. It works with back-up software from Bakbone, CA, Commvault, EMC, HP, IBM and Veritas, plus EMC’s Clariion and Nexsan’s ATABeast arrays.

Earlier  Data  Domain  products  back  up  data  to 
Gigabit  Ethernet  networks,  but  not  Fibre  Channel 
SANs. 

Data  Domain’s  appliances  compete  with  those 
from  Avamar,  Exagrid  and  Network  Appliance. 

Data Domain was founded in 2001 by a team of storage experts from Network Appliance, VA Linux Systems and Princeton University. It has received $41 million in funding from Greylock Partners, New Enterprise Associates and Sutter Hill Ventures. The company, which says it has about 180 customers, started shipping appliances at the beginning of 2004.

The DD460g is RAID protected and is available in a 3U (5¼-inch-high) rack-mount enclosure. It has hot-pluggable disks and redundant fans. The appliance starts at $65,000. ■
On-demand CRM a moving target at SAP


BY  STACY  COWLEY,  IDG  NEWS  SERVICE 

SAP  plans  to  move  into  the  on-demand 
CRM  market  next  year,  but  getting  the 
product  right  has  proved  tricky. 

SAP has been participating in test projects and working with customers for some time to craft its strategy for the ERP software, which will likely be offered with hosted and on-premises options, said Shai Agassi, SAP’s products and technology group head, at SAP’s annual gathering of industry analysts, in Las Vegas last week. However, the company plans to take its time perfecting its offering, and it intends to launch quietly when the software is ready for release.

“We won’t do the kind of announcement Siebel has done,” Agassi said, referring to Siebel’s dramatic cannonball into the hosted CRM market in late 2003. Siebel’s then-CEO, Tom Siebel, predicted Siebel would dominate the on-demand market within a year. Instead, the company continues to trail early pioneer Salesforce.com, which has 350,000 subscribers. Siebel has 44,000.

With Salesforce.com’s success demonstrating customer demand for enterprise software sold as a hosted, managed service, top-tier ERP vendors such as Oracle and SAP have been under pressure to come up with similar offerings, which are particularly attractive to small companies looking to minimize their IT challenges.

Oracle  will  become  the  owner  of 
Siebel’s  CRM  OnDemand  service  once  its 
Siebel  acquisition  closes,  and  Microsoft 
said  last  week  it  has  begun  offering  a 
monthly  subscription  licensing  option 
for  partners  that  would  like  to  offer  its 
Microsoft  Dynamics  CRM  software  as  a 
hosted,  managed  service. 

SAP was rumored to be planning an on-demand software announcement at its Sapphire user show earlier this year, but nothing happened. Executives later confirmed that SAP was developing a new hosted product for a 2005 release. Agassi said next year is a more likely launch target.

SAP already has a product aimed at midsize businesses — Business One, which it acquired in 2002. With licenses starting at $3,750 per user, Business One is priced beyond the smallest businesses. SAP sees a market for an even simpler sales, service and marketing offering, for customers with little or no IT support seeking a product that’s intuitive and easily managed.

Hosting will be an option for SAP’s new CRM offering but it isn’t the magic bullet for reducing complexity, in SAP’s view. While Salesforce.com has thrived in targeting the salesforce automation market, enabling the entire range of ERP functionality is riskier — some companies, even smaller ones, will never be willing to trust their core operational processes to an outsourced provider, Agassi said. If a CRM provider has a catastrophe, companies can survive a few days without access to their sales systems. Losing access to accounting and order processing systems would be crippling, he said.

The hosted applications market includes several companies offering ERP suites, such as NetSuite, which has a customer base of around 8,000 organizations. NetSuite has short, scheduled windows of downtime for system maintenance but has not had major outages, according to CEO Zach Nelson. ■


Cingular rolls out 3G service


BY JIM DUFFY

Cingular last week launched its 3G service in 52 markets across the country.

The  Cingular  service,  called 
BroadbandConnect,  uses  High 
Speed  Downlink  Packet  Access 
(HSDPA)  technology  to  deliver 
speeds  of  400K  to  700Kbps  on 
the  downlink,  burstable  to  more 
than  1Mbps. 

Customers can use their laptops to access the Internet or e-mail, download large files and attachments, and run corporate business applications at broadband speeds in areas covered by BroadbandConnect. Additional devices and exclusive services that take advantage of the HSDPA network, such as transmitting full-motion video and providing ultra-fast audio, are scheduled to be available in 2006.

HSDPA is an extension of the 70K to 135Kbps GSM/EDGE (Enhanced Data Rates for Global Evolution) technology, on which Cingular had been basing its services.

Cingular is the first carrier in the world to launch an HSDPA service, according to Roger Entner, vice president of wireless telecommunications research at Ovum. “But at the same time, they had to,” Entner says. “It puts them on par with EV-DO service, which has been on the market for about a year.”

Popular technology

A number of e-mail security companies such as IronPort, Sendmail, Sophos and StrongMail have struck deals to resell PostX's encryption technology.

Cingular will initially launch the BroadbandConnect service in Austin, Texas; Baltimore; Boston; Chicago; Dallas; Houston; Las Vegas; Phoenix; Portland, Ore.; Salt Lake City; San Diego; San Francisco; San Jose, Calif.; Seattle; Tacoma, Wash.; and Washington D.C. It will be able to reach about 32 million users in these markets, Cingular says.

BroadbandConnect combines a laptop modem card, Cingular’s Communication Manager software and a Data Connect plan for use on laptops.

Cingular says the laptop modem cards are dual-band HSDPA/UMTS (Universal Mobile Telecommunications System) and backward-compatible with EDGE and General Packet Radio Service (GPRS) in four bands — 850 MHz, 900 MHz, 1800 MHz and 1900 MHz. Sessions are transferred to the company’s nationwide EDGE network or the data network of one of its roaming partners, should a BroadbandConnect customer roam outside the HSDPA coverage area.

Customers  can  purchase  a 
Sierra  Wireless  AC860  or  Novatel 
U730  laptop  modem  card  for 
$99.99,  after  rebate,  when  they 
sign  up  for  a  qualifying  voice 
plan  and  introductory  two-year 
$59.99  Unlimited  Data  Connect 
plan.  A  variety  of  monthly  data 
plans  are  available  starting  at 
$19.99  for  5Mbps,  Cingular  says. 

An updated version of Cingular Communication Manager is included with the laptop modem cards. The software gives customers the ability to connect to BroadbandConnect, EDGE or GPRS services, or public and private Wi-Fi hot spots.

Faster than air

Speeds of some common or coming wireless services.

Service                      Speed
CDMA 1xRTT                   50Kbps and 70Kbps
GSM/EDGE                     70Kbps to 135Kbps
UMTS                         200Kbps to 300Kbps
EV-DO                        400Kbps to 700Kbps
HSDPA                        400Kbps to 700Kbps
EV-DO Rev. A (2007-2008)     Up to 3.1Mbps

Cingular also announced this week that it has unveiled a push-to-talk (PTT) wireless service. This walkie-talkie-type service allows users to communicate with an individual or group by clicking a button instead of dialing a number.

Cingular  will  compete  with 
longtime  player  Sprint  Nextel,  as 
well  as  Verizon  Wireless,  in  the 
PTT  market. 

Ovum’s Entner says PTT is “still trying to find its niche beyond the gray- and blue-collar users.”

Consumers  on  a  Cingular 
Nation  Plan  can  add  the  service 
for  $9.99  per  month,  per  line. 
Those  on  Family  Plans  can  select 
a  $19.99  feature  that  gives  as 
many  as  five  family  members  on 
the  account  unlimited  access  to 
the  service. 

Businesses can add a PTT service option to each line of service for $9.99 per month.

The service is available on two handsets — the Samsung d357 and the LG F7200. Cingular customers who sign up for the PTT service can opt for the LG F7200 “slider” phone for $69.99 and get the second free, or the Samsung d357 for $99.99 and get the second free. ■


PostX boosts e-mail authentication management

BY  CARA  GARRETSON 

PostX last week released a new version of its e-mail encryption offering that lets organizations track, manage and administer their outbound e-mail encryption requirements that are often part of federal regulations such as the Health Insurance Portability and Accountability Act or the Sarbanes-Oxley Act.

PostX Messaging Application Platform (MAP), delivered as gateway software or a hosted service, can encrypt outbound mail without requiring the recipient to have special software installed to decrypt the message, according to Scott Olechowski, PostX’s vice president of product strategy.

The  PostX  Envelope  technology 
included  in  MAP  encrypts  the 
contents  of  an  e-mail  using  the 
Advanced  Encryption  Standard 
algorithm  and  compresses  it,  then  packages  it  in  an  HTML  file. 

The  recipient  gets  a  message  that  says  a  secure  e-mail  is  attached, 
then  launches  the  HTML  file  in  a  browser  and  enters  a  password, 
and  the  message  is  decrypted  on  the  recipient’s  PC,  Olechowski 
explains. 

This  is  different  from  other  encryption  methods  that  either  require  the 
recipient  to  have  decryption  software  installed  or  require  the  sender  to 
host  the  encrypted  messages  on  a  Web  site  and  direct  recipients  to  their 
messages  that  can  be  viewed  or  downloaded  from  there,  he  says. 

The advantage of the PostX Envelope approach is twofold, Olechowski says. “Recipients prefer to actually receive the information on their PCs, and you don’t have to be online to receive it,” he says.

MAP 6.0 includes enhanced policy management capabilities that can take advantage of PostX’s security and privacy lexicons. It also includes the ability to work with Smart Card and X.509 certificate authentication, Olechowski says, and integrates the OpenPGP e-mail encryption specification, as well as S/MIME.

PostX competes with encryption vendors Entrust, PGP, Ziplip and Ciphertrust.

MAP  6.0  is  priced  starting  at  $25,000.  ■ 
NET INFRASTRUCTURE

SECURITY ■ SWITCHING ■ ROUTING ■ VPNS ■ BANDWIDTH MANAGEMENT ■ VOIP ■ WIRELESS LANS


Short  Takes 


■ D-Link last week fortified its NetDefend security product line with new firewall products and a security appliance. The D-Link NetDefend Firewall/VPN Applications (DFL-800 and DFL-1600) combine stateful packet inspection features with content filtering and intrusion detection and protection, the company says. The NetDefend Application Security Gateway (DFL-M510) adds features to D-Link’s security line. The product is an application security gateway that monitors and enforces a company’s network policies at the application level. The DFL-800 firewall supports 10 100Mbps connections and up to 25,000 concurrent network sessions. The DFL-1600, which supports as many as 400,000 concurrent sessions, also supports six Gigabit Ethernet connections. The offerings are available now and priced as follows: $1,700 for the DFL-800; $7,000 for the DFL-1600; and $2,800 for the DFL-M510.

■ RSA Security last week said it plans to buy Cyota, a provider of online security and anti-fraud products, for $145 million. The acquisition will let RSA offer customers a broader range of authentication techniques. RSA says it hopes to offer a risk-based authentication approach, letting customers choose an authentication method to meet the risks they face from a portfolio that includes watermarking, digital certificates, tokens and smart cards. RSA also plans to offer Cyota's anti-fraud service, detection of phishing attacks and a transaction-protection service that authenticates credit card users and identifies fraudulent activity in accounts.

■ Watchfire has announced AppScan 6.0, an updated version of its vulnerability-assessment software that examines Web applications to determine problems such as SQL injection or cross scripting, which hackers could exploit. The Windows-based tool costs $15,000 per user.


Users:  hybrid  PBXs  work 

Cost savings, features outweigh wholesale TDM-to-IP upgrades.


Hybrid options

While large PBX vendors tout their pure IP PBXs, many VoIP beginners are getting their feet wet with hybrid systems that switch voice over TDM and IP. Here are some of the hybrid PBX options from telephony vendors.

Vendor: Avaya
Product: IP-enabled Definity
Product description: TDM-based PBX, can support IP phones via an IP gateway or interface card.

Vendor: Avaya
Product: s8700
Product description: Linux-based IP PBX, can support digital and analog phones natively.

Vendor: Alcatel
Product: OmniPCX 4400
Product description: Hybrid PBX with a native TDM bus and built-in IP switching interfaces for both IP and digital phone support.

Vendor: Nortel
Product: IP-enabled Meridian
Product description: PBX supports IP phones via VoIP gateways and IP trunks.

Vendor: Nortel
Product: Communication Server 1000
Product description: IP PBX that can support Nortel legacy phones through a digital interface card.

Vendor: NEC
Product: NEAX
Product description: Hybrid IP PBX that supports IP and/or digital phones via interface cards.

Vendor: Siemens
Product: HiPath 4000
Product description: Unix-based hybrid IP/TDM product, supports VoIP and digital voice natively.

BY  PHIL  HOCHMUTH 

While the industry pushes IP as the future of telephony services, network professionals who manage business phone networks say hybrid IP/legacy PBXs are helping introduce productivity gains and cost savings without forcing networks to undergo dreaded R&R — as in “rip and replace” — upgrades.

Most major PBX vendors have long offered IP options on their legacy gear. Early on, this let users tie together PBXs via IP over private WANs — converged voice/data T-1s and free intercompany long distance were among key drivers. This hybrid approach, mixing IP and legacy TDM technology, is now extending into the areas of employee productivity and new applications in some companies.

Hybrid IP/TDM voice switches are typically legacy PBXs with digital phones and ISDN interfaces that are IP-enabled — with cards that put the PBX on the LAN (similar to a server network interface card) or gateways that translate voice signals between IP and TDM.

The IP-enablement approach lets users keep TDM handsets on desktops, while giving them computer telephony features — such as click-to-dial from a PC and unified voice/e-mail. IP phones can connect to the PBX via gateways and by installing software on the PBX that lets it recognize IP endpoints as digital extensions.

With true hybrid PBX gear, the phone switches can handle TDM-based or IP-based handsets, connecting to IP phones via a LAN interface and digital phones through a regular telecom rack. These devices see both kinds of handsets as equals on the network — limitations of each technology notwithstanding.

Third-quarter 2005 market estimates from Merrill Lynch show IP telephony systems growing at 31% from the same quarter a year ago, while TDM PBX sales dropped by 20%.

Avaya is one company following the hybrid telephony trend in the industry — moving towards IP while maintaining TDM presence. Merrill Lynch says Avaya’s TDM PBX sales shrank 3% from the second to the third quarter of 2005, and compared with the same quarter a year ago sales are down 20%. Meanwhile, its hybrid IP voice sales grew 14%.

But  analysts  say  Avaya’s  TDM  business 

See  Hybrid,  page  22 


Adorno  offers  speech  recognition 


BY  TIM  GREENE 

Voice  mail  vendor  Adorno  is  adding 
speech-recognition  features  to  its  unified 
messaging  system  that  will  make  it  easier 
for  Windows  customers  to  retrieve  voice 
mail  regardless  of  their  location. 

With its Adorno 5.0 software, the auto-attendant feature of the company’s gear can recognize spoken names and connect callers to the appropriate extensions. Instead of being asked to punch in the first few letters of a person’s last name, the caller says the name and the Adorno Voice Messaging Exchange makes the connection. If there is more than one person with the same name, the equipment asks a follow-up question such as, “What department does the person work in?”

Adorno can work in tandem with offerings from PBX vendors including Alcatel, Avaya, Cisco, Mitel, Nortel and Siemens. The company is working on a Session Initiation Protocol interface for its next software release that will enable the gear to work with SIP-based IP PBXs.

The company competes against voice-messaging systems made by PBX vendors. “This is a pretty unique approach,” says Mike Osterman of Osterman Research. Adorno expects businesses will buy its products because they unify voice mail systems across multiple sites.

SI International, an IT consulting firm in Reston, Va., uses Adorno gear in conjunction with Avaya, NEC and Nortel PBXs, says CIO Steve Hunt.

The office with the NEC PBX had no voice mail before, and Hunt opted to use Adorno with the Avaya and Nortel gear. The costs were about the same, and the Adorno equipment gave added features, such as the voice recognition.

The Adorno gear creates a single voice-messaging system that serves multiple PBXs. If a call for an employee in an SI office in Virginia comes into SI’s Colorado office, the message will get to the employee when he picks up his voice mail via the Virginia phone. Without Adorno, he would have to check his voice mail tied to the Virginia voice mail system and then check in separately with the Colorado voice mail
See Adorno, page 22

IronPort launches SMB e-mail gateway

BY CARA GARRETSON

Long the provider of e-mail security products to companies and ISPs, IronPort this week plans to enter the small and midsize business market with its C10 messaging security appliance.

The appliance offers protection from spam and other e-mail threats, says Pat Peterson, IronPort’s vice president of technology.

The appliance, which can be purchased directly from IronPort’s Web site or through resellers, includes a host of management tools designed to ease administration for SMBs that typically don’t have dedicated IT staffs for e-mail security, Peterson says.

IronPort defines SMBs as organizations with 1,000 employees or less.

The SMB market faces unique problems regarding e-mail security because the messaging costs per user are significantly higher than those of a large business, and SMBs rarely have staff dedicated to protecting networks, says Michael Osterman, founder of Osterman Research. “Companies have to make these boxes almost bulletproof — plug it in, it runs and protects the network,” he says.

The C10 uses the same messaging security engine as IronPort’s C600 appliances, which the company sells to enterprises and ISPs. And while it contains many of the same functions as the enterprise-class product, IronPort has hidden most of these so as to limit confusion, Peterson says.

There are a few tools included with the C10 designed for SMB use, he adds. These include a utility that automatically sends reports into IronPort’s customer support organization that detail the appliance’s status and a tool that gathers statistics on the product, sends them in an e-mail to IronPort support and automatically starts a support ticket with details on the problem, Peterson says.

IronPort says the company or a channel partner can configure the C10 remotely in less than 15 minutes. Companies can choose to run the appliance in health-check mode, in which the product doesn’t take any action but keeps track of what it would have done, giving organizations a sense for how the C10 works before deploying it, Peterson says.

The $3,000 price tag for 100 users covers anti-spam functions; additional modules can be purchased for additional capabilities, including virus-outbreak filters. Each additional seat beyond the 100 included in the base price costs $29.99 for as many as 249 users, then $20.63 for as many as 500 users.

Competitors in the market for e-mail security appliances designed for SMBs include Mirapoint and Barracuda. ■

Adorno

continued  from  page  21 
system. 

The  problem  is  SI  will  have  to  install  an 
Adorno  appliance  at  each  SI  office  with 
PBXs  for  the  voice  mail  system  to  be  fully 
unified,  Hunt  says.  That  transition  is 
planned  for  next  year. 

The new Adorno software also lets users forward voice mail using voice commands. The appliance then dips into Microsoft’s Active Directory and determines to what extension to forward the call. Users also can create voice mails that can be forwarded to groups of recipients via voice commands. The messages also can be sent as audio attachments to any e-mail address listed in a user’s Exchange address book.

The software also enables call forwarding and calling several numbers to track a user down. The call can be put through directly when the recipient picks up, or the Adorno Voice Messaging Exchange can first ask a caller for his name and what he is calling about and relay that message to the recipient, who can take the call or send it to voice mail.

The call-forwarding and find-me policies are set by each user via a Web interface.

The standard Voice Message Exchange costs $125 per user plus the cost of hardware, which comes in three options: $12,000 for 500 users; $18,000 for 1,000 users; and $24,000 for 2,000 users. The speech-recognition option increases the price up to $165 per user plus the hardware. ■


Hybrid 

continued  from  page  21 

brought  in  an  average  of  $100  million  to 
$150  million  per  quarter  over  the  past  two 
years.  No  vendor  of  telephony  gear  would 
sneeze  at  that  revenue,  however  much  its 
marketing  material  looks  like  an  all-VoIP 
manifesto. 

A hybrid Avaya PBX at Quaker Chemical, a chemical manufacturing company in Conshohocken, Pa., gives employees the ability to work from home and inexpensively have in-office extensions follow them home.

Some users install islands of pure-IP PBXs among a larger TDM infrastructure, usually in branch sites or small remote offices. Such proof-of-concept rollouts are common, but others find integrating IP into the larger PBX network is more effective.

“It’s a useful tool,” says Irving Tyler, CIO for Quaker Chemical. Some employees use all-IP in their homes, with an Avaya softphone to VPN-connect into the main PBX. Others use softphone software only for call control, where call setups can be made from anywhere but the voice links are terminated by the PBX, with voice running over TDM internally and the public switched telephone network externally. Such features would be more expensive and complex to set up in a pure-TDM environment, Tyler says.

However, swapping all IP phones with Avaya digital sets is not in Tyler’s immediate plans. While features such as click-to-call and find-me-follow-me are nice, they’re not essential to his business.

“That kind of flexibility is pretty neat but how many people really need” most of it, Tyler says. “I struggle to see that IP will be completely domain. There are unique features of IP that regular phone can’t give you, but those probably only apply in unique situation.”

At the Southern Company, a conglomerate that manages energy utilities in five Southern states, hybrid IP/TDM telephony is part of a project to enhance an existing Siemens TDM phone network to bring new applications to the company’s voice mail system.

The  project  mixes  the  older 
Siemens/ROLM  voice  mail  system  with  an 
Asterisk  open  source  IP  PBX  system, 
which  runs  on  a  Linux  server. 

“It’s  breathing  new  life  into  our  legacy 
messaging  system,”  says  Arnold  Solomon, 
IT  architect  for  the  Southern  Company. 

Under  Solomon’s  setup,  a  user  leaving  a 
voice  mail  for  another  employee  has  the 
option  to  send  an  e-mail  page  alerting  the 
recipient  to  the  message.  Selecting  this 
option  triggers  the  Asterisk  server,  which 
talks  to  the  Siemens/ROLM  system  via  an 
ISDN  interface  card  on  the  box.  The 
Asterisk  server,  running  an  SMTP  daemon, 
sends  an  e-mail  to  users’  BlackBerries,  cell 
phones  or  desktop  e-mail  clients,  alerting 
them  to  the  voice  mail.  Solomon  also  plans 
to  use  the  hybrid  Asterisk/Siemens  setup 
for  group  text  paging  of  users’  BlackBerries, 
in  which  one  employee  can  send  numeric 
pages  to  teams  of  BlackBerry  users  via  a 
Siemens  desktop  phone. 

In the past, installing this type of computer/telephony server integration required consultants and custom programming. “That’s where Linux comes in,” Solomon says. “This is pretty easy stuff to do,” once standard, IP-based hardware and software are thrown into the TDM mix, he adds. ■

Mix and match

View a diagram of hybrid unified messaging at the Southern Company.

Integrating PBXs with Microsoft Exchange

Adorno's Voice Messaging Exchange links voice mail systems at separate sites via Microsoft Exchange and Active Directory. New features support speech recognition to connect to individuals rather than manually entering the first three letters of a person’s last name.

[Diagram label: Exchange/Active Directory]

1. A caller reaches Adorno auto-attendant, which asks him to speak the name of the person he is calling.

2. The Adorno gear checks with Active Directory to find the person's extension and takes a voice message if the person isn’t available.

3. When the called party checks voice mail either via the phone or Exchange, he receives the message, which Adorno stores as a .wav file.


SECURING THE ENTERPRISE


Managing  security  weaknesses  no  easy  task 


Agent  or  agentless? 

There  are  two  ways  to  look  for  network  weaknesses:  an  agent-based  scanner, 
which  is  deployed  directly  on  a  host  system,  or  an  agentless  scanner,  which 
probes  machines  at  targeted  IP  addresses.  Here  are  a  few  factors  that  influence 
the  choice  companies  will  make: 


Using agent-based scanners

Pros:
Agent-based software can monitor mobile systems, which may move on and off a network and evade the notice of agentless scans.
Agent-based software may facilitate remediation processes, such as patching or configuration management.

Cons:
Agent-based software doesn’t exist for some network assets, such as routers, switches and printers.
Agent-based scanners, which have to be deployed to hosts, are more expensive than the agentless variety.

Using agentless scanners

Pro:
Because no software agent is required on the system to be managed, there is no deployment and maintenance demand on servers, desktops or other equipment. Vulnerability scanning services also are available.

Con:
May not provide as great detail on vulnerabilities as agent-based software, which has privileged access to host systems.

BY ELLEN MESSMER

Vulnerability management starts with tools that assess security in network gear and applications, but it’s a road that forks, one way leading to host- or agent-based scanners and the other to network-based or agentless scanners.

An agent-based vulnerability scanner is deployed directly on the host system; the alternative, an agentless scanner, probes machines at targeted IP addresses. By year-end, agent-based options are expected to nudge out agentless tools in sales volume by about $100 million, IDC predicts, with total sales for both types of about $600 million. Although the market is rich in both varieties, experts say several factors influence the choices that network managers make in vulnerability assessment.

Both approaches have pros and cons. “The bad thing about agents is that they’re expensive to install and maintain,” says John Pescatore, an analyst at Gartner, in describing the considerations that come up with the decision about which route to take.

The bigger the network, the more agent-based software has to be installed. Costs typically range from about $25 to $40 per desktop to hundreds of dollars for servers, according to vendors with agent-based products. On the other hand, “the huge benefit of an agent-based [scanner] is that you can get deeper information about the computer node, such as looking into the registry,” Pescatore says.

Vendors selling agent-based products include BigFix, Citadel, Computer Associates, Configuresoft, Elemental, IBM, LANDesk, NetIQ, PatchLink, Secure Elements and Symantec, according to the Burton Group in its “Vulnerability Management” research report.

“The value in an agent is in the scalability with networks of 70,000 and more,” says Randy Streu, vice president of product management at Configuresoft, whose Enterprise Configuration Manager consists of software agents that can be added to Windows desktops and servers.

In large networks, the agentless approach stumbles on obstacles such as firewalls, which can block scanning attempts, and overly long scanning time frames. In addition, experts point out that mobile devices are not good candidates for agentless scans because they are often removed from the network and may elude detection.

Cambia, eEye Digital Security, Internet Security Systems (ISS), Lockdown Networks, McAfee, nCircle, PredatorWatch, StillSecure and Visionael are the main contenders in agentless vulnerability management, analysts say. Some vendors, including eEye, sell both agent-based and agentless scanning products. Others, such as Qualys, specialize in services for agentless scanning.

The bigger picture, however, is that vulnerability-management vendors are in the midst of partnering in integration alliances that will let their vulnerability-assessment tools share data directly with patch-management tools for remediation or security-event management (SEM).

According to the Burton Group, ISS, Lockdown, McAfee, nCircle, PredatorWatch, Qualys and StillSecure have integrated with Citadel and PatchLink to automate software fixes.

The biggest push at Qualys during the past year was to integrate its product with SEM products from ArcSight, Network Intelligence and NetForensics that centralize security data, says Gerhard Eschelbeck, CTO at the company.

“This integration happened on a large scale, so now it’s automatic, not manual,” Eschelbeck says.

Show me your credentials

Agentless network scanners also can perform credentialed scans for some targeted host systems. Credentialed scans use the appropriate administrator user IDs and passwords so that the scanner’s central console or proxy can log into Windows domains or Unix systems to examine the computer for vulnerabilities.

Although credentialed scans closely imitate agent-based scans, most observers consider them less comprehensive in discovering holes or providing a way to fix them.

According to the Burton Group, Altiris’ AuditExpress can identify vulnerabilities in Microsoft Windows or Unix systems via a credentialed network scan. AuditExpress also has an option for using agents, making it a possible choice for organizations that want to adopt both approaches.

BindView Development, which Symantec is in the process of acquiring for $207 million, offers the bv-Control product for both credentialed and non-credentialed scans of Windows, NetWare, Unix and OS/400 operating systems, Check Point firewalls, and applications such as Oracle databases.

However, even vendors whose products offer a credentialed scan caution it can be a difficult security procedure. This is particularly the case on large networks, where aggregating authentication credentials for every machine to be scanned is a tough assignment.

“If you think you have the credentials and you don’t, you’ll end up with false negatives when you scan,” says Mike Puterbaugh, director of product management at eEye, whose Retina scanner supports both credentialed and non-credentialed agentless scans.


One of the most popular network-assessment tools is not a commercial product; it’s the freeware scanner Nessus, owned by Tenable Network Security. Nessus costs nothing to use. By comparison, the McAfee Foundstone FS850 appliance, which shipped last month, costs $6,400 plus $75 per IP address.

The future of Nessus, which is used by an estimated 80,000 organizations, has come into question, however. In October Tenable announced that the next version of the tool, expected to run vulnerability scans at five times the speed of the current version, will require users to obtain a commercial license.

Nessus 3.0 software will still be free, says Tenable’s CEO Ron Gula. However, the company is planning a line of appliances based on Nessus 3.0 that would sell for an as-yet-undisclosed price. A U.K.-based group called GNessUs has vowed to continue developing Nessus as freeware.

Different  strokes  for  different  folks 

Network managers express the most confidence in specialized vulnerability-assessment tools that may only check one thing, such as specific databases or Web servers and applications.

Allen Brokken, principal systems security analyst with the University of Missouri, says he depends on SPI Dynamics’ WebInspect to scan the Web-based e-commerce hub, which processes about $50 million in transactions for tuition, books and college fees each year.

WebInspect looks for specific types of vulnerabilities associated with the Web, such as buffer overflow and cross-site scripting. It also checks to make sure the e-commerce site conforms to the Payment Card Industry security standard that kicked in last summer.

“Certain scanners definitely lend themselves to certain vulnerabilities,” says Anthony Bandos, vice president of information security and the exploit-management team at Countrywide Financial in Calabasas, Calif.

Countrywide Financial, which has more than 1,400 branches and 800 offices nationwide, deploys a range of scanners, including the commercial tools Preventsys, Foundstone and Nexpose, as well as freeware tools nmap and Nessus.

Running  multiple  tools  that  purport  to  do 
the  same  thing  helps  nullify  false  positives 
that  may  come  up,  Bandos  says.  ■ 
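
The two failure modes this article describes, a credentialed scan that never actually logs in and a finding that only one tool reports, can both be handled when merging scanner output. The Python below is an added example, not from the article or any vendor; the record layout, scanner names, hosts and finding labels are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Scan:
    scanner: str                      # hypothetical tool name
    host: str
    credentialed: bool                # did the scan attempt to log in?
    auth_ok: bool                     # did the login succeed?
    network: frozenset = frozenset()  # findings visible from the network
    local: frozenset = frozenset()    # findings that need a login (registry, patch level)


# Constructed sample results from three hypothetical scanners.
SCANS = [
    Scan("scanner_a", "10.0.0.5", True, True,
         frozenset({"open-telnet"}), frozenset({"missing-patch-x"})),
    Scan("scanner_b", "10.0.0.5", False, False,
         frozenset({"open-telnet", "weak-tls"})),
    Scan("scanner_c", "10.0.0.5", False, False, frozenset({"open-telnet"})),
    Scan("scanner_a", "10.0.0.9", True, False),   # login failed, nothing reported
    Scan("scanner_b", "10.0.0.9", False, False),
    Scan("scanner_b", "10.0.0.12", False, False, frozenset({"snmp-public"})),
]


def triage(scans, min_agree=2):
    """Merge per-scanner results into a per-host verdict.

    confirmed  - reported by at least min_agree scanners
    disputed   - reported by fewer, while another scanner with the same
                 visibility looked and did not report it (review for false positive)
    unverified - reported by fewer, and no other scanner could have seen it
    coverage   - 'auth-failed' marks hosts where an empty result is not
                 evidence of a clean host (possible false negatives)
    """
    by_host = defaultdict(list)
    for s in scans:
        by_host[s.host].append(s)

    report = {}
    for host, runs in by_host.items():
        authed = [r for r in runs if r.credentialed and r.auth_ok]
        tried = [r for r in runs if r.credentialed]
        if authed:
            coverage = "authenticated"
        elif tried:
            coverage = "auth-failed"
        else:
            coverage = "network-only"

        confirmed, disputed, unverified = set(), set(), set()
        # Any scan can observe network findings; only scans that logged in
        # can observe local ones, so only those count as agreeing or dissenting.
        for kind, observers in (("network", runs), ("local", authed)):
            votes = defaultdict(set)
            for r in observers:
                for finding in getattr(r, kind):
                    votes[finding].add(r.scanner)
            peers = {r.scanner for r in observers}
            for finding, who in votes.items():
                if len(who) >= min_agree:
                    confirmed.add(finding)
                elif len(peers) > len(who):
                    disputed.add(finding)
                else:
                    unverified.add(finding)

        report[host] = {"coverage": coverage, "confirmed": confirmed,
                        "disputed": disputed, "unverified": unverified}
    return report


def needs_credential_fix(report):
    """Hosts whose credentialed scan never logged in; rescan before trusting them."""
    return sorted(h for h, r in report.items() if r["coverage"] == "auth-failed")


def verified_clean(report):
    """Hosts with no findings at all AND at least one successful login."""
    return sorted(h for h, r in report.items()
                  if r["coverage"] == "authenticated"
                  and not (r["confirmed"] or r["disputed"] or r["unverified"]))


if __name__ == "__main__":
    result = triage(SCANS)
    for host in sorted(result):
        print(host, result[host])
    print("fix credentials and rescan:", needs_credential_fix(result))
```

Host 10.0.0.9 in the sample returns no findings from either tool, yet it is reported for a rescan rather than as clean, because the only credentialed scan against it failed to authenticate.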


ADVERTORIAL 


Getting  to  the  Core  of  Backup  Problems 

By eliminating network congestion, Force10 curbed the unpredictable backup times hurting this insurance firm’s productivity.


"It  was  difficult  to  explain  to  our 
executive  group  that  we  couldn't 
reliably  predict  how  long  the  backup 
would  take." 

Colin  Hines 

Senior  Administrator  of  Network  and  Security  Infrastructure  at  Tower  Hill 


On those occasional nights when the backup process for Tower Hill Insurance Group's policy management application took a full 16 hours, employees arriving for work would find themselves locked out of the application. "No one could do anything," says Colin Hines, Tower Hill's Senior Administrator of network and security infrastructure. "It was difficult to explain to our executive group that we couldn't reliably predict how long the backup would take."

Based in Gainesville, Fla., and with offices in Kentucky, Tower Hill is a leading property and casualty insurer providing coverage for homes, rental properties, personal automobiles, and commercial property to 500,000 policy holders in Florida. The company has a Web-enabled IT and billing infrastructure that supports its 400 employees and enables it to attract new agents and cost effectively scale its business.

Each night Tower Hill backs up data relating to policies and claims - about 4 terabytes. With the total volume of company data doubling every two years and hitting 15 terabytes this year, the strain on the network began to show. In particular, the time needed to back up its business-critical policy management application became unpredictable.

To ensure data integrity, IT first backs up the application to capture daily changes, then runs an update process that inserts information such as policy renewal dates, and then backs up the application again. While the update process completed in a predictable timeframe, each backup took anywhere from four to seven hours. On average, the three-stage backup and update process required 13 hours. When backup times ran longer, employees arriving for work were locked out of the system.


Logical diagram of Tower Hill’s primary network in Gainesville, Florida, and remote disaster recovery site

Ripple Effects

The network became the first thing the server group blamed for the varying backup times, Hines notes, since they could easily check out their equipment. Hines, on the other hand, was spending 25 to 30 percent of his time monitoring and troubleshooting the network, and finding workarounds to congestion problems. When he determined that the volume of data coming into blades on his two core routers was greater than the blades' connection to the routers' backplanes, he helped the server team work around the oversubscription problem by balancing where servers plugged into the network.

It bought them some time. But it meant Hines needed to direct the server team each time a new server was brought on line. The unpredictable backup times impacted IT in other ways, as well. Routine maintenance and software releases, for example, had to be done on weekends as it was impossible to do them at night.

With traffic volumes continuing to escalate, Hines knew something had to give. "Our core couldn't handle the amount of data we were pushing through it," he says. "And I want the network to be something you can just plug into and it goes." It was time to upgrade the network core.

Wanted: Performance and Reliability

When Hines began evaluating new core devices, he knew what he wanted. "We buy best in breed," he notes. "We needed line-rate throughput, non-blocking gigabit interfaces, and access lists. And we needed reliability."

Tower Hill's search for a new core router led them to Force10. Hines installed a Force10 TeraScale E1200 switch/router in early 2005 and has watched the combined time for both pre- and post-update backups of the policy management application drop to a consistent 2.5 hours. What used to be a 13 hour or more backup and update process is now routinely done in five.

"One of the really attractive things about the Force10 E1200 is that it's full rate line speed, non-blocking. It's not oversubscribed, as were other core switches I evaluated," says Hines. Each server now has true gigabit access to every other server and device on the network. In addition, the E1200 supports active redundant links with immediate failover if one link fails. As a result, each Tower Hill server with dual-gigabit interfaces has a 2-Gbps connection to the core whereas the previous core routers only supported one active connection in a dual-homed configuration.

In addition, the E1200 is a fully redundant system, ensuring continuous uptime for the network. And Hines has been impressed with the level of support Force10 provides. "We're a moderate-size business," he notes. "I've never had support this excellent."

Core Benefits

With a line-rate, congestion-free core switch/router in place, Tower Hill is assured of predictable performance from the network. As a result, backup times have been dramatically reduced, ensuring critical applications are always available during business hours and freeing IT staff to perform routine maintenance, software releases and other tasks in the evening rather than wait until weekends. IT's management overhead has also dropped, as the burden of ongoing network monitoring and troubleshooting has been eliminated.

"Force10 gave us the ability to exonerate the network," Hines says. Tower Hill now has a predictable network with plenty of headroom to accommodate ever increasing traffic loads.


For a FREE white paper on Force10’s data center vision visit www.nww.com/force10

ENTERPRISE COMPUTING

WINDOWS ■ LINUX ■ SERVERS ■ STORAGE ■ GRID/UTILITY ■ MOBILE COMPUTING

Managed  backup,  recovery  heats  up 


Managed  storage  sampler 

Back-up  and  recovery  services  support  a  mix  of  hardware  and  software  setups. 


| Company | Services | Supported environments |
|---|---|---|
| AmeriVault | Online Back-up Solution | Windows, NetWare, Red Hat, Solaris, AIX, HP-UX servers |
| Arsenal Digital Solutions | ViaBack and ViaRemote | Windows, Red Hat, Solaris, AIX, HP-UX servers, desktops, laptops |
| EVault | InfoStage and EVault Desktop | Windows servers, desktops, laptops |
| Iron Mountain | Connected DataProtector/PC, Connected DataProtector/SV and LiveVault InSync and InControl | Windows, Red Hat, Solaris servers, desktops, laptops |

BY  DENI  CONNOR 

Iron  Mountain’s  recently  announced 
acquisition  of  LiveVault  put  the  spotlight 
on  what  analysts  say  is  a  growing  market 
for  managed  back-up  and  recovery  ser¬ 
vices. 

A  recent  Gartner  survey  of  IT  managers 
showed  that  only  6%  said  they  would  not 
use  a  managed  service,  compared  with 
40%  two  years  ago. 

“I  am  seeing  a  resurgence  in  out¬ 
sourced  storage  services,”  says  Stephanie 
Balaouras,  senior  analyst  for  Forrester 


Short  Takes 


■  Sepaton  last  week  announced  en¬ 
hancements  to  its  S2100-ES2  Virtual 
Tape  Library  appliance,  including  in¬ 
creased  processing  power  and  sup¬ 
port  for  more  tape  drives  and 
libraries.  The  new  edition  can  be  con¬ 
figured  to  include  as  many  as  eight 
nodes,  whereas  the  previous  version 
maxes  out  at  two.  The  new  offering 
supports  as  many  as  eight  Fibre 
Channel  communication  paths  to 
back-up  and  memory  systems, 
whereas  the  earlier  edition  supported 
as  many  as  four.  The  S2100-ES2  now 
also  emulates  IBM  3592  and  3584  tape 
libraries.  An  entry-level  appliance 
with  4.8TB  of  storage  capacity  starts 
at  less  than  $45,000. 

■  Microsoft  last  week  released  to 
manufacturing  an  interim  update  to 
the  current  version  of  its  Windows 
Server  operating  system,  Windows 
Server 2003 Release 2. The update,
which  is  scheduled  to  be  available  in 
about  60  days,  is  designed  to  work 
closely  with  Microsoft’s  Virtual  Server 
2005,  Microsoft  Operations  Manager 
and  Systems  Management  Server  as 
part  of  Microsoft's  Dynamic  Systems 
Initiative.  Microsoft  released  the  first 
preview  of  Windows  Server  2003 
Release  2  in  August  and  another  in 
October.  Prices  for  the  update  will  be 
in  line  with  current  Windows  Server 
prices.  Windows  Server  licenses 
range  from  $400  for  a  Web  edition  to 
$4,000  for  the  enterprise  edition. 


Research. “Customers  are  looking  to  out¬ 
source  some  of  the  undifferentiated  stor¬ 
age  tasks,  such  as  backup  and  archiving.” 

Iron  Mountain  has  significantly  expand¬ 
ed  its  offerings,  moving  beyond  storage  of 
paper  records  and  tapes  to  online  back¬ 
up  and  recovery  services.  Last  year,  the 
company  added  vaulting  of  desktop  and 
laptop  data  to  its  portfolio  via  the  $117 
million  acquisition  of  Connected. 

The $50 million buyout of LiveVault
adds to Iron Mountain’s arsenal the InSync
managed back-up and recovery
service for small and midsize businesses
and InControl back-up and recovery service
for remote offices of large companies.
LiveVault says it has 2,000 customers.

Iron  Mountain  already  owned  14%  of 
LiveVault  and  has  resold  its  services  for 
the  past  five  years,  as  have  British 
Telecom  and  IBM  Global  Services. 

Managed  back-up  services  have  been 


Writing  is  certainly  a  most  unpleasant 
occupation.  It  is  lonesome,  unsanitary  and 
maddening.  Many  authors  go  crazy. 

—  H.  L.  Mencken 

The  time  certainly  has  flown  since 
December  1995,  when  Wired  Windows  first 
graced  the  pages  of  Network  World.  If 
Mencken  is  correct,  it’s  high  time  I  escaped 
before  the  madness  overtakes  me. 

After  10  years  and  more  than  400 
columns,  Wired  Windows  will  be  no  more. 

We’ve  come  a  long  way  in  that  time.  All 
three  columns  in  December  1995  dealt 
with  the  various  ways  to  connect  your  new 
Windows  95  desktops  to  the  various  Net¬ 
Ware  servers  (2.x,  3.x  and  the  brand-new 
4.0)  on  your  network.  NetWare  3.x  was  the 
dominant  server  operating  system,  and 
DOS  (sometimes  in  combination  with 
Windows  3.1)  was  still  dominant  on  the 
desktop,  but  “cutting-edge”  users  clamored 
for  OS/2.  We  were  still  questioning  whether 
Token-Ring, FDDI or, possibly, ATM would


on  an  upswing  at  Iron  Mountain,  which 
says  revenue  from  that  business  has 
grown  20%  from  a  year  ago.  In  the  third 
quarter,  the  company  reported  $84  mil¬ 
lion  in  managed-services  revenue. 

Expect  further  market  consolidation  in 
the  months  to  come,  says  Dean  Good- 


replace  Ethernet  as  the  protocol  for  con¬ 
necting  the  desktop  to  the  network. 

That same month Bill Gates “discovered”
the Internet and the World Wide Web —
which had, in fact, been doing quite well
without his attention. Redmond’s nascent
Microsoft Network (now MSN) was more
worried by AOL and CompuServe than the
Internet. Larry Page and Sergey Brin had
begun collaboration on a search engine
called BackRub (which later morphed into
Google), but Internet search was in its infancy,
dominated by the directories at Yahoo
and AltaVista.

Identity  services,  now  considered  the  plat¬ 
form  needed  for  service-oriented  comput¬ 
ing,  hadn’t  yet  been  named.  There  were 
directory  services  (dominated  by  Novell’s 
NDS,  the  Netscape  directory  and  x.500)  but 
the  first  “killer  app,”  electronic  provisioning, 
wouldn’t  show  up  for  three  years. 

But  now  it’s  time  to  move  on.  My  bags  are 
packed,  and  I’m  ready  to  go.  Still,  I  don’t 
think  the  madness  has  completely  overtak¬ 
en  me  just  yet.  So  any  who  wish  to  watch 
my  progress  along  that  path  can  still  follow 
in  my  Network  World  newsletters:  “Identity 
Management”  (www.networkworld.com/ 
newsletters/dir/),  “Novell  NetWare  Tips” 


ermote,  CEO  of  data-protection  software 
and  services  company  NSI  Software. 

“There seem to be a lot of rumblings out
there,” he says. “It’s not so much that these
companies are peaking, but together various
combinations make sense in going
after this growing market.” ■


(www.networkworld.com/newsletters/net 
ware/)  and  the  newly  renamed  “Windows 
Networking  Strategies”  (www.network 
world.com/newsletters/nt/). 

Before  I  go,  though,  I’d  like  to  thank  editors 
in  chief  John  Gallant  (who  took  a  chance 
10  years  ago)  and  John  Dix,  as  well  as  the 
folks  who  have  edited  Wired  Windows  — 
Doug  Barney,  Paul  Desmond,  Paul 
McNamara,  Bob  Brown  and  my  current  edi¬ 
tor,  Michael  Cooney  —  for  their  support 
and  effort.  But  most  of  all,  thanks  to  you,  the 
readers.  Without  you  I  really  would  have 
gone  mad! 

Kearns,  a  former  network  administrator, 
is  a  freelance  writer  and  consultant  in 
Silicon  Valley.  He  can  be  reached  at  wired 
@vquill.com. 


Tip  of  the  Week 


■  If  the  newsletters  aren't  enough  to  fill  your 
need  to  read  Dave  Kearns,  there's  also 
www.vquill.com/ and www.idmjournal.com/ or
feel  free  to  start  a  personal  conversation  at 
dkearns@vquill.com. 


Fun makes 10 years fly


ProCurve  Networking 


HP  Innovation 


Find  out  how  to  meet  the  security  demands  of  WAN. 

Visit  the  Web  site  below  for  the  latest  7000dl  Series  promotions. 


DELIVER  A  MORE 
SECURE  W 


ProCurve  by  HP’s  new  Secure  Router  7000dl  Series  is  an  edge-to-edge 
solution  designed  to  meet  the  security  and  convergence  challenges  of 
wide  area  networks.  It  links  your  headquarters  and  branch  offices  no 
matter  how  remote.  And  it  delivers  what  you’ve  come  to  expect  from 
ProCurve — high  performance,  choice,  reduced  complexity  and  reliability 
backed  by  a  lifetime  warranty — all  at  an  impressively  affordable  price.  It’s 
the newest addition to a growing set of secure ProCurve Networking solutions.
Expect more security from your network. Expect it more affordably.



ProCurve  SECURE  ROUTER: 

7000dl  SERIES 

•  Open  standards  for  simplified  integration 

•  External  flash  ports  for  easier  setup 

•  Modular  design  for  adapting  to  change 
• Lifetime warranty*


CALL  800-975-7684  Ref  Code  55  CLICK  www.hp.com/learn/procurve5  VISIT  your  local  HP  reseller 

*Lifetime warranty applies to all ProCurve Products, excluding the ProCurve routing switch 9300m Series and Secure Access 700wl Series, which have a one-year warranty with extensions available. ©2005 Hewlett-Packard Development Company, L.P.
APPLICATION SERVE

■ CRM ■ MESSAGING/COLLABORATION ■ WEB SERVICES ■ ERP ■ E-COM ■ NETWORK AND SYSTEMS MANAGEMENT


Sierra  Pacific  taps  open  source  mgmt  tools 

Software  helps  company  tackle  network  management  across  50  distributed  locations. 


BY  DENISE  DUBIE 

For Kevin Nadin, rolling out network-management
software seemed to be an
all-or-nothing proposition: Either he’d have
to spend all of his IT budget for tools or
he’d have to make do with practically
nothing to manage his network.

The  network  administrator  for  Sierra 
Pacific, a wood-product provider headquartered
in Andersen City, Calif., realized he
needed  a  way  to  ensure  network  connec¬ 
tivity  and  server  health  across  50  distrib¬ 
uted  locations  without  manually  checking 
each  distributed  server  and  router.  In  busi¬ 
ness  since  1908,  the  company  in  2004 
decided  to  look  for  software  to  address  its 
traffic-heavy  network. 

Nadin  reports  his  wide-area  pipes  are 
consistently  bogged  down  with  traffic 
between  the  corporate  data  center,  which  is 
connected via T-1 lines to remote manufacturing
locations, branch offices and retail


showrooms.  The  company’s  backbone  is 
typically 1Gbps Ethernet, he says.

Adding  to  the  problem,  IT  staff  at  head¬ 
quarters  learned  of  downtime  in  the  worst 
possible  way  —  from  remote  end  users 
calling  to  complain  the  network  wasn’t 
performing. 

“We have a pretty widely dispersed network,
and we did not have any tool in-house
to proactively monitor it,” Nadin says.
“I  was  looking  for  a  product  that  would  give 
me  a  fast  assessment  of  the  sites,  especially 
those  out  in  the  woods  where  the  network 
connection  is  not  as  robust.” 

With  a  growing  business,  Nadin  knew  it 
was  time  to  invest  in  network-management 
software  but  admits  he  wasn’t  sure  how  to 
get  there  with  traditional  management 
tools. 

“We looked at HP, IBM and Microsoft, but
to  be  honest,  not  really  that  closely  once  we 

See  Sierra  Pacific,  page  30 


Watching  the  network 

Wood product provider Sierra Pacific implemented GroundWork Monitor 4
software  to  keep  tabs  24/7  on  manufacturing  and  other  remote  locations 
connected  to  the  corporate  data  center. 
IT staff receives reports every morning
on the health and status of remote
systems. Based on the reports, users
can take proactive steps to prevent
performance problems.
Sierra Pacific installed a Linux-based
server in the main data
center and loaded it with GroundWork
Monitor 4 software, which
accepts data collected from some
60 Cisco routers and 30 Windows
servers distributed across the
West Coast.


Cisco  routers  Windows  servers 


The  company  also 
installed  System 
Intrusion  Analysis 
and  Reporting 
Environment 
(SNARE)  software 
agents  on  remote 
Windows  servers  to 
gather  health 
statistics  and  deliver 
data  back  to  the 
GroundWork
Monitor  server. 


Short  Takes 


Novell  adds  self-service 
to  provisioning  platform 


■  SOA  Software  has  acquired  a  main¬ 
frame  Web  services  development  and 
deployment platform from Merrill
Lynch  that  the  company  will  add  to  its 
portfolio  of  Web  services  infrastruc¬ 
ture  software.  Financial  terms  of  the 
deal  were  not  disclosed.  Merrill  Lynch 
began  building  its  X4ML  platform  in 
2001  to  expose  its  legacy  Customer 
Information  Control  System  applica¬ 
tions  as  integration-ready  Web  ser¬ 
vices.  The  New  York  financial  services 
company  now  runs  600  Web  services 
processing  1.5  million  transactions  per 
day  on  the  system.  The  platform 
enables  mainframe  applications  to 
expose  and  consume  Web  services, 
making  it  easier  to  integrate  them  with 
modern  applications  in  a  service-ori¬ 
ented  architecture.  SOA  Software 
intends  to  sell  X4ML  as  a  stand-alone 
product  called  Service  Oriented 


Legacy  Architecture,  which  will  be 
available next year, with pricing starting
at $125,000.

■ JBoss has added to its Java middleware
stack by acquiring transaction
processing  software  from  Arjuna  Tech¬ 
nologies  and  HP.  The  acquisition  marks 
a  shift  in  strategy  for  JBoss,  which 
until  now  has  acquired  or  partnered 
with  open  source  companies.  Arjuna’s 
software  is  proprietary,  but  JBoss  is 
making  the  products  it  acquired  open 
source,  says  Marc  Fleury,  JBoss  chair¬ 
man  and  CEO.  Transaction  engines 
help  manage  business  events  that 
need  to  occur  as  a  group.  For  example, 
a  bank  might  use  a  transaction  engine 
to  ensure  that  when  a  payment  is 
transferred  between  accounts,  the 
credit and debit operations are completed
successfully.


BY  JOHN  FONTANA 

Novell  this  week  plans  to  roll  out  the  lat¬ 
est  version  of  its  provisioning  software, 
which will aid users in automating workflows
and easing management.

Identity Manager 3.0, a component of
Novell’s Identity and Access Management
suite, helps users automate account creation
and manage user identities. The software
includes a tool to configure automated-approval
workflows, an interface
for user self-service provisioning, a set of
visual configuration tools and delegated-administration
features.

Novell  has  not  had  a  major  release  of 
Identity  Manager  since  January  2004.  The 
company  is  upgrading  at  a  time  when 
competitors have been trying to build
identity-management  suites  through 
acquisition;  Novell  has  largely  built  its 
technology  from  the  ground  up. 

The  new  features  of  Identity  Manager 
are  catching  the  attention  of  users.  Brian 
Hobbs, IT director for Poway, Calif., manufacturer
Hunter Douglas, plans to roll out
the  delegated-administration  features. 

“We  are  a  very  distributed  organization 
with  administrators  in  30  locations,”  says 
Hobbs.  “We  can  set  up  pages  for  them  to 
go  and  help  manage  our  identity  vault.” 
Hobbs also has his eye on the new workflow
features as part of the company’s
phased  rollout  of  Identity  Manager  3.0. 

“We  want  a  system  that  when  someone 
requests  access  to,  say,  our  data  ware¬ 
house,  we  can  auto-generate  that  message 
and  set  up  an  approval  workflow.  Right 

See  Novell,  page  30 
A new face, not unlike the old one?


NET  INSIDER 

Scott  Bradner 


I’ve  been  pondering  the 
AT&T/SBC meld for a while, mostly
with derision. For example, see
“Oedipus techs” (www.networkworld.com,
DocFinder: 1231).

The  combination  —  called  a 
merger  on  the  new  AT&T  Web 
page  (www.att.com)  but  rather 
much  more  of  an  acquisition, 
along  the  lines  of  buying  an  old 
Victrola  record  player  at  a  yard 
sale — became final on Nov. 18.
The new company, counter to my


expectations,  has  taken  the  name 
AT&T  and  adopted  a  logo  that  is  a 
more  colorful  version  of  the  old 
AT&T “Death Star.” In other words,
SBC  has  put  on  a  new  image,  very 
much  along  the  lines  of  the  face 
transplant  given  to  a  French  dog 
bite  victim  fewer  than  10  days 
later. 

Reading  the  news  coverage  of 
the  French  operation,  I  was  struck 
by  some  amazing  coincidences 
(to  follow  the  lead  of  an  old  TV 
routine)  between  the  two  events. 
The  doctors  took  the  face  off  a 
brain-dead  donor  and  put  it  on  a 
person  who  was  in  rather  bad 
shape.  That  is  pretty  much  what 
happened  with  AT&T  and  SBC.  If 
AT&T  was  not  brain-dead,  it  was 
clearly  in  an  advanced  state  of 
brain decay. For years, it had not


done  anything  technically  or  in 
the  realm  of  business  that  would 
indicate  to  an  outside  observer 
that  there  was  much  more  than 
the  autonomic  nervous  system 
working  anymore.  At  the  same 
time,  SBC  was  no  Charles  Atlas; 
instead,  it  was  well  on  its  way  to 
being  the  90-pound  weakling.  I 
should  note  that  there  were  lin¬ 
gering  pockets  of  neural  function 
left  in  AT&T:  One  of  these  was  its 
very  good  Washington,  D.C.,  lobby¬ 
ing  effort,  which  spent  much  of  its 
time  trying  to  counterbalance  the 
greed  of  companies  such  as  SBC. 
I  do  not  expect  that  effort  is  long 
for  this  world. 

The  headline  on  a  New  York 
Times  story  about  the  French 
operation  said  that  the  woman  got 
“a  new  face,  not  unlike  the  old 


one.”  Not  unlike  the  old  one, 
because  many  characteristics  of 
the  new  face  would  be  guided  by 
the  underlying  bone  structure  of 
the  recipient.  I  fully  expect  that 
the  new  AT&T  will  think  —  if  that’s 
the  right  word  —  and  act  just  like 
the  old  SBC. 

The  Washington  Post's  report  on 
the  medical  story  noted  that  “no 
bones  were  transplanted  during 
the  operation.”  It’s  not  clear  that 
there  were  many  bones  left  in  the 
old  AT&T  that  could  have  been 
transplanted,  but  there  is  no  indi¬ 
cation  that  any  were. 

It  now  develops  that  the  dog 
may  have  been  trying  to  wake  the 
woman  from  the  effects  of  a  sui¬ 
cide  attempt.  It  is  hard  to  count 
the  number  of  times  that  the  old 
AT&T  did  things  that  just  about 


killed  it.  AT&T  finally  succeeded. 
Now  all  that  is  left  is  a  black  and 
blue  logo  that  is  the  face  of  the 
new  company,  just  like  the  report¬ 
edly  black-and-blue  face  of  the 
French  woman.  I  hope  that  she 
does  better  with  her  new  face 
than  I  expect  the  new  AT&T  will 
(unless  Congress  interrupts  the 
fate  that  economic  Darwinism 
would  otherwise  dictate). 

Disclaimer:  Harvard  is  thinking 
about a new face (see
www.allston.harvard.edu/) to complement,
rather than replace, the old
one,  but  the  above  commentary 
on  new  faces  is  my  own. 

Bradner  is  a  consultant  with 
Harvard  University’s  University 
Information  Systems.  He  can  be 
reached  at  sob@sobco.com. 


Novell 

continued  from  page  29 

now,  the  process  is  15  to  20  phone  calls,”  he 
says. 

The  approval  workflow  is  part  of  Identity 
Manager’s  separate  Provisioning  Module.  It 
lets  a  user  request  access  to  an  application 
using  a  self-service  portal,  another  new  fea¬ 
ture  of  the  software. 

A  workflow  based  on  the  user’s  title  and 
manager’s name is initiated to manage completion
of the request. The workflow can be
configured  with  exceptions  so  it  does  not 
stall  if  someone  within  the  process  is  out  of 
the  office. 

Novell  also  has  built  on  an  import  feature 
that  lets  users  import  into  Identity  Manager 
3.0  all  the  workflow  and  directory  map¬ 
pings  they  defined  in  Version  2.0  of  the 
product. 

Version 3.0’s Audit Starter Pack lets users
automatically  generate  compliance  reports 
that  show  user  access  to  applications  and 
services. There  is  also  a  white  pages  feature 
with  an  organizational  chart. 

Novell  also  has  included  a  graphical 
modeling  tool  for  mapping  out  the  con¬ 
nections  between  systems  and  defining 
rules,  such  as  synchronization,  for  how 
they  integrate. 

A  what-if  feature  allows  for  testing  before 
something  goes  live  on  the  network.  Users 
can  reuse  workflow  configurations  using  a 
drag-and-drop  feature  within  the  configura¬ 
tion  model. 

“Large  enterprises  will  have  hundreds 
of  enterprise  applications,  and  if  you  have 
to  go  build  policies  for  each  of  those 
individually,  even  though  the  approval 
process  is  exactly  the  same  for  each  one, 
that  is  the  high  cost  of  deployment  that 
we  are  trying  to  alleviate,”  says  Simon 


Vining,  team  lead  for  identity-product 
marketing  at  Novell. 

Novell  Identity  Manager  3.0  is  available 
now.  Novell  is  offering  a  combination  of 
Identity  Manager  3.0  and  the  Provisioning 
Module  for  $30  per  user  identity  and 
$95,000  per  instance  of  the  software  on  a 
server. ■


Sierra  Pacific 

continued  from  page  29 

saw the price,” Nadin says. “There is a point
when exploring IT purchases that you ask
yourself, ‘Is this really where I want to
spend all my money?’”

That’s when Nadin came across GroundWork.
GroundWork bases its Monitor 4 software
on Nagios, an open source network-management
application, and says the
price for Monitor 4 covers mostly support
and services.

Nadin  agrees,  having  signed  up  for  a 
$16,000-per-year  subscription  for  the  soft¬ 
ware  in  January  and  rolling  it  out  soon 
afterward. The software is set up to monitor
60  Cisco  routers  and  30  Windows  servers 
across  the  company’s  locations. 

Monitor  4  runs  on  a  Linux  server  with 
memory  in  disk  and  can  be  used  with  or 
without  agents.  The  agent  option  uses  a 
Perl  script  that  runs  on  managed  devices 
and  extracts  management  information 
from  the  devices’  Management  Informa¬ 
tion  Base  to  send  to  the  central  server. 
Customers  also  can  write  plug-ins  specific 
to  their  environment  to  broaden  the  soft¬ 
ware’s  monitoring  capabilities. 

In  Nadin’s  case,  he  installed  System 
Intrusion  Analysis  and  Reporting  Environ¬ 
ment  (SNARE)  open  source  software 
agents  to  collect  data  from  the  Windows 
servers.  He  also  installed  an  open  source 
plug-in on another Windows server in
Sierra  Pacific’s  data  center  to  process 
Windows  Management  Instrumentation 
(WMI)  scripts,  which  monitor  Exchange 
and  SQL  servers. 

Nadin  now  comes  to  work  in  the  morn¬ 
ing  expecting  an  up-to-date  status  report 
on  all  locations.  He  says  he  hasn’t  officially 
quantified  any  performance  improve¬ 


ments,  but  with  Monitor  4  in  place  he  can 
work  on  potential  problems  before  end 
users  are  aware  they  exist.  For  instance, 
one  alert  showed  him  a  network  connec¬ 
tivity  problem,  which  required  he  contact 
the ISP to address the issues with the T-1
line  to  that  location. 

“We  needed  to  be  more  aware  of  our 
network,  not  sitting  here  waiting  to  hear 
from  other  locations  about  the  network  we 
manage,”  Nadin  says. 

He  doesn’t  expect  to  expand  the  imple¬ 
mentation  of  Monitor  4,  because  Sierra 
Pacific  doesn’t  keep  IT  staff  at  remote  loca¬ 
tions.  But  he  would  like  to  see  Ground- 
Work  add  more  features  in  upcoming 
releases. 

“Open  source  works  for  us  because  of  its 
flexibility  and  configurability,  but  the  ven¬ 
dor  could  offer  some  features  we  can’t  put 
in  the  software  ourselves,”  he  says.  “Auto¬ 
discovery  would  be  the  first  on  my  list  of 
must-haves  going  forward.” 

At this point, Nadin says, if he wants to
add a router that will be managed by
Monitor 4 he must do so manually. The
company plans to incorporate a feature
that would enable automatic discovery of
new network devices and servers. Otherwise,
GroundWork’s plans — to boost the
user interface and integrate with more
help desk tools in an upgraded release in
2006 — appeal to Nadin.

He  would  also  like  to  be  able  to  collect 
security  logs  with  the  software. 

“We’re  just  two  people  trying  to  stay  on 
top  of  all  this,  so  to  be  able  to  have  the 
product  manage  network  and  security 
logs would really help,” he says. ■
Today, James configured six critical servers in
six  different  states 


all  before  lunchtime  in 


With  Avocent  data  center  management  solutions,  the  world  can  finally  revolve  around  you.  Avocent 

DSView® 3 management software gives you a secure, centralized point of control - whether your server rooms are
across  the  hall  or  across  the  nation.  With  more  than  20  years’  experience,  Avocent  offers  multi-platform,  multi-device  access 
that  fits  seamlessly  into  your  multi-tasking  lifestyle.  You  can  manage  critical  servers,  networks  and  more,  all  from  a  single 
interface.  And  you  can  do  it  from  any  location.  Avocent  helps  you  save  time,  improve  efficiencies  -  and  brag  a  little  too. 


For  one-stop  information  on  improving  data  center  practices,  visit 
www.avocent.com/kvmbpg 


Avocent,  the  Avocent  logo,  The  Power  of  Being  There  and  DSView  are  registered  trademarks  of  Avocent  Corporation.  All  other  trademarks  or  company 
names  are  trademarks  or  registered  trademarks  of  their  respective  companies. 


Citrix  NetScaler 

makes  any  application 

run  up  to 

15  times  faster 

for  anyone,  anywhere. 


Every  day,  leading  Global  2000  enterprises,  including 
the  five  largest  e-businesses  in  the  world,  rely  on 
Citrix® NetScaler® solutions to dramatically accelerate
application  performance.  All  without  adding  servers, 
bandwidth,  or  consultants.  Perhaps  that’s  why 
Citrix  NetScaler  application  delivery  systems  are 
rated  #1  in  customer  satisfaction  among  Layer 
4-7  networking  vendors.  See  what  Citrix  NetScaler 
can  do  for  you  at  www.citrix.com/netscaler 
New service
to  help  ISPs 
monitor  'Net 

BY  JIM  DUFFY 

Internet  monitoring  company  Renesys 
this  week  is  expected  to  announce  a  ser¬ 
vice  designed  to  provide  ISPs  with 
detailed  visibility  into  Internet  behavior. 

Renesys  Internet  Intelligence  Services 
are  Web-based  offerings  that  give  service 
providers  a  view  of  Internet  routes  in  real 
time  from  multiple  vantage  points  around 
the  world.  Each  view  provides  different  lev¬ 
els  of  detail,  which  are  intended  to  assist 
service  providers  in  making  business  deci¬ 
sions  regarding  their  own  services. 

The  Renesys  offering  is  designed  as  a 
value-added  service  on  top  of  the  Internet 
access  services  ISPs  already  provide.  To 
attract  and  retain  customers,  ISPs  need  a 
level  of  “intelligence”  about  the  Internet 
from  both  an  operational  standpoint  — 
real-time  information  about  their  own  net¬ 
works  —  as  well  as  a  competitive  stand¬ 
point  —  real-time  information  about  the 
performance  of  competitors,  Renesys  says. 

The  Renesys  services  are  a  set  of  three 
See  Renesys,  page  35 


Short  Takes 


■  MCI  last  week  introduced  a  secu¬ 
rity  risk  management  service  to  help 
enterprises  take  proactive  action 
against  system  threats  and  vulnera¬ 
bilities.  The  NetSec  Security  Risk 
Management  Service  will  correlate 
and  calculate  diverse  threats  across 
an  enterprise,  using  a  scorecard- 
based  approach  that  allows  users  to 
prioritize  and  resolve  security  risks, 
MCI  said.  The  service  will  be  avail¬ 
able  to  U.S.-based  companies, 
including  multinationals,  beginning  in 
January  and  to  European  companies 
in  the  second  half  of  next  year,  MCI 
said.  Pricing  has  not  been 
announced.  The  service  is  based  on 
MCI’s Finium security integration
platform,  which  aggregates  input 
from  devices,  correlates  it  with 
worldwide  intelligence  and  integrates 
it  into  higher-level,  risk-relevant  secu¬ 
rity  information. 


Illinois  project  saves  millions 




BY  CAROLYN  DUFFY  MARSAN 

The  state  of  Illinois  will  reap  $7  million 
per  year  in  savings,  thanks  to  a  network 
consolidation  effort  that  involved  merging 
traffic  from  two  data  networks  into  a  single 
IP  backbone. 

Illinois  migrated  traffic  from  an  older, 
frame-relay  network  that  supported  most 
state agencies to a newer network that provided
Internet access to K-12 schools, colleges
and libraries. The combined network,
known as the Illinois Century Network, was
upgraded to use MPLS technology.

Dubbed  Project  Hercules,  this  network 
consolidation  is  part  of  a  broader 
statewide  initiative  to  eliminate  redundant 
IT  resources.  During  the  past  two  years, 
Illinois  has  saved  $210  million  by 
improving  IT  governance  through 
centralized purchasing, data center

consolidation  and  shared  services 
such  as  telecom  networks. 

“What  we  saw  was  an  opportu¬ 
nity  to  better  utilize  a  network 
that  was  doing  a  great  job  of  pro¬ 
viding  capacity  to  our  schools  but 
had  a  lot  of  excess  bandwidth,”  says  Tony 
Daniels,  deputy  director  of  Central 
Management  Services  for  the  state  of 
Illinois.  “We  were  able  to  move  traffic  off  a 
non  state-owned  network  to  a  state-owned 
network.” 

Today the Illinois Century Network has 6,100 connections. More than 2 million Illinois citizens have access to this network, which links 4,800 K-12 schools; 114 community colleges; 213 universities; 470 libraries; 30 museums; 72 healthcare facilities; and more than 2,000 municipal, county and state government offices.

The Illinois Century Network provides high-speed data, video and voice communications. It offers access to the Internet and Internet2 with multiple connections at OC-12 or higher speeds. The network’s 17 points of presence are linked via 45Mbps connections.

Launched two years ago, Project Hercules was a logistical nightmare. The effort involved moving 1,600 circuits off a frame relay network provided by SBC to the state’s existing Illinois Century Network.

Meanwhile, the Illinois Century Network was upgraded with carrier-class routers and increased bandwidth to handle the extra traffic. The network was redesigned to be fully redundant, and it was converted to MPLS with QoS technology.

Illinois Century Network: Major overhaul delivers significant savings.

“The Illinois Century Network was previously a Cisco-routed network” without MPLS, Daniels explains. “We came in and upgraded the backbone links to OC-12 or higher and then enabled MPLS on the backbone.”

Illinois released its RFP for Project Hercules in October 2003 and awarded a contract to EKI Consulting in February 2004. Other bidders included BearingPoint and Deloitte Touche.

EKI subcontractor WilTel Communications handled the network migration component of Project Hercules, earning $5 million on the deal. WilTel conducted most of the work on this project from January through June 2005.

“WilTel moved 1,600 circuits in a six-month time frame. Obviously this was a huge accomplishment in terms of accelerating the cost savings for us,” says Daniels, who leads the state’s Bureau of Communication and Computer Services. “WilTel actually got the job done on time and under budget.”

WilTel handled provisioning, testing and migration of 1,600 new T-1 circuits and decommissioned the frame-relay circuits. The company upgraded 1,300 routers to Cisco 2612 models. WilTel also provided a 24/7 network operations center to aid in the transition process. This coordination effort was the most challenging piece of Project Hercules, Daniels says.

“Coordinating maintenance windows between more than 20 state agencies that had different expectations of when traffic could be cut over was a huge effort,” Daniels says. “We wanted to have the project done prior to the end of the fiscal year, which is in June. We didn’t have a lot of flexibility in terms of getting the work done.”

WilTel says Project Hercules was its largest network migration effort.

“We worked with a large enterprise and did provisioning of 2,000 circuits, but we didn’t do the physical installation on that project,” says Greg Klass, professional services manager for WilTel. “This is the largest deal where we did all of it: provisioning and installation.”

WilTel expects to see other large network migration jobs like this one go out for bid in the future.

“This deal is a good example of the new trend that’s happening out there where a large enterprise, in this case a state agency, is making the move off legacy telecom services over to next-generation, converged network services,” says Paul Savill, vice president of data services for WilTel.

Although WilTel’s piece of Project Hercules is over, testing of the upgraded Illinois Century Network continues. The old frame relay network will be turned off on Dec. 31.

So far, the state of Illinois is happy with its upgraded network.

“The performance of the new network has been absolutely wonderful,” says Daniels, who points out that the network has not yet suffered an outage. “A lot of agencies got an increase in bandwidth on the new network. We’ve had no support issues. We’ve been able to support the network with the same crew of individuals that were supporting it before the upgrade. Things are working fine.”

Take a peek at the net geek’s movie portfolio


Some kids are born to be network engineers. But for many of us, it was a decision shaped as much by nurture as nature.

And nurture included things like the movies we watched and the books we read, which engaged our minds and fired our imaginations.

So just in time for the holidays, I’ve compiled a collection of movie and television classics, new and old, that various networkers singled out as “great movies for network geeks.” The process was decidedly unscientific: I asked associates in the network industry to list the movies (and a few television shows) that most strongly resonated with them, and explain why.

Chances are you won’t agree with all the selections (in fact, I’d be deeply surprised if you’ve even seen them all). I’ve probably left out your favorites, or included some that you hated. Heck, I’m including some that I’m not crazy about or haven’t seen, but that my respondents rated highly.

First off are the sci-fi classics, the movies that made technology cool, celebrated the maverick and the rebel, and gave geeky types the responsibility of making universe-ending, good-vs.-evil decisions: “Star Wars” and “Star Trek,” of course, and lesser-known shows such as the “Babylon 5” series, “Red Dwarf,” and “Lexx.” (OK, those last two are personal favorites, not classics ... but if you like your sci-fi humor black, check them out.) “War of the Worlds” cropped up here on the grounds that its depiction of what happens when the bad stuff comes down is all too familiar to IT folks.

Then there are the films I’ll call traditional pro-science, which celebrate accomplishment within the framework of relatively traditional science and engineering: “Apollo 13” and “October Sky” (a true story about the kids in a West Virginia mining town who taught themselves how to build rockets).

Next is a broad category of “mind-set and sensibility” movies that shaped the imagination of a generation: “Lord of the Rings,” of course, and “Mad Max,” “Brazil” (about an individual’s stubborn resistance to Big Brother) and the original “Solaris,” which, while beautiful, is the most incomprehensible movie I’ve ever seen. And how about brooding, noir-ish classics like “The Matrix” and “Pi”? Or the sterile world of “Gattaca”?

But these are all runners-up. For the latest generation of up-and-coming geeks (and their parents), the hands-down winners were the “Harry Potter” movies, which were cited more than any others. As one telecom researcher with a doctorate explains, “They’re all about building things and exploring strange worlds.”

Finally there are the mainstream movies with network geek appeal — movies that aren’t necessarily tech-related but got folks looking differently at reality: “Magnolia,” “Memento,” “Crash,” “A Beautiful Mind.” And the most offbeat suggestion: “The Grand Illusion,” a movie that was banned by the Third Reich about a prison break during World War I. The suggestion refers both to the “grand illusion” that technology can fundamentally change the world and the power of movies (like technology) to challenge authority.

Feel free to let me know what we missed.

EYE ON THE CARRIER
Johna Till Johnson

Johnson is president and chief research officer at Nemertes Research, an independent technology research firm. She can be reached at johna@nemertes.com.


Renesys

continued from page 33

offerings: Routing Intelligence, Market Intelligence and XML Connection.

Routing Intelligence provides information to detect and correct slowdowns or interruptions to Internet connections. It correlates routing information across different time periods and from multiple sources, and can display real-time and historical information.

Routing Intelligence is also available with an option that provides real-time alerts when networks become unreachable, IP addresses are hijacked, global routes are unstable or policies are violated.

Market Intelligence provides a set of reference-analysis tools to enable sales, marketing, business development and peering personnel to monitor and evaluate the Internet’s competitive landscape. The core of Market Intelligence is Renesys’ Internet Index, a database of information compiled daily from the Internet’s global routing tables — the real-time map of 180,000 networks and 30,000 organizations worldwide that make up the Internet.

Renesys says this data contains competitive information on the global, national and regional rankings of all service providers based on the number and quality of customer networks they help connect to the Internet. Market Intelligence also provides annotated lists of service providers’ customers, including their geographic distribution and an analysis of the services they receive from competing providers.

XML Connection is a set of APIs that allows users to integrate real-time XML internetwork monitoring data into security monitoring systems.

Renesys Routing Intelligence starts at $800 per seat per month. The History option includes three years of past data for an additional $200 per user, per month. The alarms option costs an additional $250 to $1,500 per seat based on the number of desired network prefixes, and an XMP option costs an additional $200 per seat, per month.

Market Intelligence starts at $1,000 per seat, per month. XML Connection costs $15,000 to $20,000 per month.


Corporate  data  centers  account 
for  more  than  50%  of  the 
average  company’s  power  costs. 
Let’s  Change  This.' 


Server  Facts: 


Maximize  capacity  with  dramatic  energy  efficiency  and 
amazing  cost  savings.  Introducing  the  Sun  Fire™  T1000  Solaris 
server  with  CoolThreads™  technology  for  extreme  throughput. 
Deliver  18  times  more  compute  threads  using  V4  the  power 
consumption  of  Xeon.  Reduce  the  number  of  servers  by  as 
much  as  3  to  1.  And  with  2  times  the  performance  for  web  tier 
applications,  meet  the  increasing  demands  on  your  network- 
all  while  looking  out  for  the  planet.  Visit  sun.com. 

© 2005 Sun Microsystems, Inc. All rights reserved.


’Based  on  estimated  relative  webserving  performance. 


SECUREIRON’S MULTI-LAYER DEFENSE DELIVERS IRONCLAD NETWORK-WIDE PROTECTION


Foundry’s SecureIron traffic managers and SecureIronLS LAN switches are the industry’s first essential building blocks for network-wide protection against emerging high-speed attacks including intrusion, Web, Virus, Spam, VoIP and DNS attacks.


SecureIron Traffic Managers provide seven-layer security at the perimeter, in the data center, and inside the LAN. They extend the life of firewalls by offloading and augmenting with high-performance protection against application threats.


SECLJREIRQN  1  □□ 
SECUREIRON  300 


SecureIronLS LAN Switches extend seven-layer security to every network’s edge port connecting desktops and servers, to protect against DoS/DDoS, application and malware attacks. They deliver high-performance, feature-rich, and affordable security in a LAN switch with a choice of 10/100, Gigabit and 10 Gigabit Ethernet connectivity.


SECURElRONLS  1D0-4802 
Secure  Iron  3D0-32GC10G 
NETWORKS

The  Power  of  Performance ™ 


FIND  OUT  MORE  ABOUT  THE  SECUREIRON  SERIES  AND  HOW  YOU  CAN  REDEFINE 
SECURITY  IN  YOUR  NETWORK.  LOG  ON  TO  WWW.FOUNDRYNET.COM 
FOR MORE INFORMATION PLEASE CALL: US/CANADA 1 SBS TURBOLAN, INTERNATIONAL +1 408.586.1700 OR VISIT OUR WEBSITE AT WWW.FOUNDRYNET.COM


Foundry  Networks,  Inc.  is  a  leading  provider  of  high-performance  Enterprise  and  Service  Provider  switching,  routing  and  Web  traffic  management  solutions  including  Layer  2/3  LAN  switches. 
Layer  3  Backbone  switches.  Layer  4-7  Web  switches,  wireless  LAN  and  access  points,  access  routers  and  Metro  routers.  Foundry’s  8,500  customers  include  the  world’s  premier  ISPs,  metro  service 
providers,  and  enterprises  including  e-commerce  sites,  universities,  entertainment,  health  and  wellness,  government,  financial,  and  manufacturing  companies. 

©  2005  Foundry  Networks®,  the  Foundry  logo.  The  Power  of  Performance™,  Foundry™,  and  Biglron®  RX  Series  are  trademarks  of  2005  Foundry  Networks,  Inc. 

All  Rights  Reserved.  All  other  marks  are  trademarks  of  their  respective  owners. 
TECHNOLOGY UPDATE

■  AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 


Jini  builds  foundation  for  SOA 


HOW IT WORKS: JINI

Jini network technology offers a service-oriented architecture. Here's how a client finds and uses a service.

1. Service registers with lookup service and uploads a serialized service proxy to lookup service.
2. Client looks up service, downloads serialized service proxy.
3. Client downloads service proxy codebase and deserializes proxy.
4. Client calls service through downloaded service proxy.


BY  ALEXANDER  KRAPF 

The Jini Technology Starter Kit was recently made available under the Apache License 2.0. Jini, best known as a network communications technology, also is a service-oriented architecture with advanced capabilities.

In a nutshell, an SOA allows a client application, or consumer, to use a service provided by another application, or provider. This usually involves some form of asynchronous messaging or the calling of functions in applications on remote systems (remote method invocation).

In addition to this basic SOA capability, Jini offers such features as platform portability, mobile code and platform security. It is easily used in applications with access to a full Java 2 Platform Standard Edition run-time environment. But it also can be used on tiny, embedded devices and in applications written in non-Java programming languages.

Jini’s core concept is services. A service is a Java interface that defines a contract between a service consumer and a service provider. Most people will be interested in consuming services rather than in publishing them. A lookup service helps you to find the proper service instance.


Got great ideas?

Network World is looking for great ideas for future Tech Updates. If you’ve got one, and want to contribute it to a future issue, contact Senior Managing Editor, Features Amy Schurr (aschurr@nww.com).

A key point is that you look for services based on their type, not based on a name or a uniform resource identifier. The object that is returned to you by the lookup service is often called a “service proxy” because it acts as a stand-in for the service implementation that is somewhere else. A service proxy is responsible for all communications between your application and a service implementation.

One of Jini’s most powerful features is that the implementation of a service proxy does not need to be deployed on a service consumer; instead, it can be securely downloaded from another computer (called “codebase server”) that supplies the current implementation of your service proxy.

All that a deployed Jini client needs is a service interface and its directly referenced types. A Jini service client can be updated efficiently, because the service proxy codebase can be updated on the fly, and newly connecting clients will pick it up automatically. Jini will combine a proxy codebase (retrieved from a codebase server) and service data (called a “serialized proxy” and kept by the lookup service) to provide you with your service proxy.

Jini has a pluggable infrastructure that allows users to integrate with any communications protocol with relative ease. The service-proxy type does not necessarily have to talk to service implementations. One way to easily create smart clients is to have a service proxy that executes some method calls on a client and delegates others to a server. Client/service communications can use any protocol.

The lease concept is important to Jini’s reliability and resilience. All service proxies are leased. The lease concept reflects the assumption that services will fail and communications will be interrupted. In order to remain available, a service needs to continually update its registration using convenient utility types. If it fails to do so, it is evicted from the system and will not be available to clients anymore.

Clients can discover only available services. The distributed application essentially detects partial failures and takes routes around them. As long as necessary services are deployed redundantly, a Jini application is almost automatically self-healing.

All Jini’s features together combine for an attractive SOA.

Krapf is president and co-founder of CodeMesh, Inc. He can be reached at alex@codemesh.com.


Ask Dr. Internet By Steve Blass


Editor's note: quote marks are used here to show beginning and end of script statements.

I need to update a MySQL database in response to a Web form submission that uses Perl. I know the basics of Perl, and the Web site provides the database connectivity modules for Perl, but I need some help. What are the basic steps for performing a database update with Perl?

This involves gathering up the form field data from the submission, constructing the SQL statement you want to send to the database, opening the connection, sending the command, reading the results and delivering a response to the user. You will want to include the statements “use CGI” and “use DBI” at the beginning of your script so you can easily read the form fields and talk to the database. Form data is retrieved by using statements such as “my $variablevalue=CGI::param('formfieldname')”. Creating the SQL statement can be accomplished by building up a $sqlstring variable.

To open the database connection, use a statement such as “$db=DBI->connect('DBI:mysql:mydatabase','user','pw')”. Sending the command to the database takes two statements, “$output=$db->prepare($sqlstring)” and “$output->execute”. Reading the results uses a loop: “while ($result=$output->fetchrow()) {print "$result";}”. After reading the results, you close the database connection with “$output->finish”. From there, you can use print statements to create the HTML output to send back to the browser.

Blass, a network architect at Change@Work in Houston, can be reached at dr.internet@changeatwork.com.
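
An added example, not part of the column: the same update steps with the form values bound through DBI placeholders rather than pasted into $sqlstring, so a quote character in a field cannot change the statement the database parses. It assumes DBD::SQLite is installed so the script runs without a server; the contacts table, its columns and the form values are hypothetical, and against MySQL only the connect() arguments differ.

```perl
#!/usr/bin/perl
# Added example (not from the column). Assumption: DBD::SQLite is installed,
# so the script runs offline; for MySQL change only the connect() arguments.
use strict;
use warnings;
use DBI;

# RaiseError makes every failed DBI call die, so no error passes unnoticed.
my $db = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                      { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Hypothetical table standing in for the site's real schema.
$db->do('CREATE TABLE contacts (id INTEGER PRIMARY KEY, surname TEXT, phone TEXT)');
$db->do(q{INSERT INTO contacts VALUES (1, 'Smith', '555-0100')});

# Constructed form submission. In the CGI script each value would come from
# CGI::param('fieldname'); it is hard-coded here so the run is repeatable.
my %form = (id => '1', surname => "O'Brien", phone => '555-0199');

# Check the shape of every field before it goes near the database.
sub validate {
    my ($f) = @_;
    return 'id must be a number' unless $f->{id} =~ /\A[0-9]{1,9}\z/;
    return 'surname length out of range'
        unless length($f->{surname}) >= 1 && length($f->{surname}) <= 64;
    return 'phone has unexpected characters'
        unless $f->{phone} =~ /\A[0-9+() .-]{3,20}\z/;
    return;    # nothing wrong
}

# 1) Statement assembled as a string. The apostrophe in O'Brien ends the SQL
#    string literal early, so the database parses something other than what
#    the programmer wrote; with this input that shows up as a syntax error.
sub update_by_string {
    my ($dbh, $f) = @_;
    my $sqlstring = "UPDATE contacts SET surname = '$f->{surname}', "
                  . "phone = '$f->{phone}' WHERE id = $f->{id}";
    my $rows = eval { $dbh->do($sqlstring) };
    return "updated $rows row(s)" if defined $rows;
    (my $err = $@) =~ s/\s+\z//;
    return "rejected by database: $err";
}

# 2) Same update with placeholders. The statement text is fixed and the
#    values travel separately, so they are never parsed as SQL.
sub update_by_placeholder {
    my ($dbh, $f) = @_;
    my $output = $dbh->prepare(
        'UPDATE contacts SET surname = ?, phone = ? WHERE id = ?');
    my $rows = $output->execute($f->{surname}, $f->{phone}, $f->{id});
    $output->finish;    # releases the statement handle
    return 'updated ' . ($rows + 0) . ' row(s)';
}

my $problem = validate(\%form);
die "form rejected: $problem\n" if defined $problem;

print 'string-built: ', update_by_string($db, \%form), "\n";
print 'placeholders: ', update_by_placeholder($db, \%form), "\n";

my ($surname, $phone) = $db->selectrow_array(
    'SELECT surname, phone FROM contacts WHERE id = ?', undef, $form{id});
print "stored row:   $surname / $phone\n";

$db->disconnect;        # disconnect() is the call that closes the connection
```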
A good tool to manage e-mail

GEARHEAD
INSIDE THE NETWORK MACHINE
Mark Gibbs

A few weeks ago I wrote about the free, Web-based, open source image gallery called Coppermine. Many of you wrote asking to see the gallery we put online using this software (if you want to see it, drop us a note with the subject “Photos”), and we’ve had many favorable comments.

Reader David Hekimian wrote in to suggest we look at Gallery, another free, open source photo gallery system. We played with Release 1.0 long ago and forgot about it until David reminded us.

Of course, a good open source project isn’t going to stand still and Gallery is no exception. Now at Version 2.0, Gallery is really impressive. We’ll be taking a look at it soon.

<digression>In the Coppermine column, we offered our recipe for soy-brined turkey and scores of you wrote in requesting a copy (you can still get one by sending us a message with the subject “Turkey”). If you have tried this recipe, drop us a note and tell us what you thought. Maybe we should create a Gearhead Cookbook ...</digression>

Now-Back-to-Our-Regular-Programming Department: With all of these messages flooding in asking for links to the gallery and copies of recipes, as well as voting for Backspin’s Golden Turkey Awards (if you haven’t voted yet, check out the poll in the online article or stir it up on Gibbsblog in the Golden Turkey forum at www.networkworld.com, DocFinder: 1235), the issue of e-mail management once again raises its ugly head.

There used to be a sensational product for managing e-mail called Emailrobot that was published by GFI, but the company sold it to another company that must have buried it in soft peat to recycle it as firelighters (if you don’t get that last bon mot, send us a message with the subject “THHGTTG”).

Using the product’s GUI, you could define workflows to parse incoming SMTP message content and conditionally route e-mail and generate sophisticated replies with embedded tracking.

Emailrobot was a great product; we have yet to come across anything quite as good. If you know of something you’d recommend, we would love to hear about it.

In our quest for tools to manage e-mail, specifically, to find ways to stop Outlook from becoming a dead end for messages (the program’s export feature is pathetic), we came across a product that we now recommend highly: Aid4Mail from Fookes Software.

Aid4Mail is effectively an e-mail format transcoder and message-management tool kit. The transcoding part comes from Aid4Mail’s ability to read and write a huge number of e-mail formats, including Extended MAPI systems, which means Outlook (all versions except Outlook 97) and Windows Messaging and Exchange clients, Outlook Personal Storage files and MSG files, Outlook Express (Versions 4, 5 and 6), EML message files (*.eml), MHT Web Archive files, Mozilla mailbox files, generic mailbox files (mbox, Berkeley mail format, BSD mail format, Unix mail format) ... the list is enormous!

Aid4Mail can be run from the command line or through a simple wizardlike interface that steps you through the process of identifying the source and destination of the e-mail to be transferred (note that with Outlook you can select individual folders). You can set up filtering by date and content, and select export options such as retaining formatting or converting to plain text.

Our exhaustive tests showed a time of about 25 seconds to process a single, 817-message Outlook folder (including de-duplicating) — that’s roughly 30 millisec per message.

A key feature of Aid4Mail is its ability to convert mail to a non-proprietary RFC-compliant format suitable for archiving (this means that you should be able to read the contents in a decade or more unless the coughing chickens wipe out civilization), which could be really valuable in ensuring that all of your enterprise messaging is Sarbox-compliant.

Aid4Mail can directly create ZIP archives and extract attachments and embedded contents from messages and store them in separate folders inside the archive file. Aid4Mail also includes automatic removal of duplicate attachments and embedded contents.

This is an outstanding tool, and at $49.95 for a single-user license for the Professional version (the standard version doesn’t support Outlook), it’s a steal!

Write to us! We’ll manage your mail at gearhead@gibbs.com.


The scoop: VX924 19-inch LCD monitor, about $470, by ViewSonic

What it is: ViewSonic markets the VX924 as “the fastest screen you’ve ever seen,” sporting a 3-millisec response time to provide better quality for graphic-intensive applications, videos and games. The monitor provides two video inputs (digital or analog), native resolution of 1,280 by 1,024 pixels, a 550:1 contrast ratio, 160-degree viewing angle, and a 270 cd/m2 brightness rate.

Why it’s cool: The VX924 sits somewhere between the high-end, 21-inch monitors from Gateway and Dell that we’ve seen recently, and the more simple BenQ monitors (FP71G+) that provide basic connections for a desktop or notebook PC. The digital-video-input (DVI) connection will appeal to gamers (or corporate executives) who’ve rigged up their computers with high-end graphics cards and want the digital video to provide a faster response rate, but I got a good-quality connection with the standard VGA cable. (ViewSonic provides a VGA and DVI cable.)

The fast response rate minimizes a ghosting effect in games and movies, in which lighted pixels appear to stick around after they’re supposed to be gone. The best way to see the ghosting effect is to watch an action movie or put in a fast PC racing game. In our very non-scientific test, we popped in a DVD and watched part of a movie on the VX924 and part on an older CRT monitor. Although ghosting was limited on both monitors, watching the movie on the VX924 was far superior (better brightness, contrast, clarity and lack of ghosts).

Some caveats: If you don’t care that much about ghosting or fast response rate, other 19-inch monitors may provide you with a slightly lower cost (although $470 for a 19-inch LCD is pretty good). We also had some trouble reconnecting the back panel when using the DVI cable, as the cable got in the way of the plastic panel. We’re not that obsessed with hiding our cables from view, so it’s not that big a deal.

Grade: 4 stars (out of five)

Photo caption: The VX924 eliminates ghosts from movies and games.

The scoop: Mega TravelDrive (4GB), about $150 from Memorex

What it is: An extremely tiny USB hard drive, the Mega TravelDrive gives you the ability to carry your files with you (and if you need higher capacities, Memorex sells the drive in 6GB and 8GB versions for $180 and $230, respectively). No power supply is needed; just plug into an available USB port on your computer and you can quickly transfer files to the drive or access files already stored on it.

Why it’s cool: USB hard drives aren’t new, but what is new and exciting is their increasing capacities and their design. The Mega TravelDrive offers a pivoting USB connector that folds inward when you’re done with it. This makes the overall size of the drive about the size of a box of Tic Tacs (if Tic Tacs were in a square, not rectangular, package).

The pivoting USB head also provides an easier fit into hard-to-reach USB ports (for example, when you have a regular USB cable connected right next to the open slot). Memorex provides an extension cable in case the pivoting head can’t access the open port.

Grade: 3.5 stars

Shaw can be reached at kshaw@nww.com.

Photo caption: The Mega TravelDrive's pivoting head will fit into tight USB spaces.

OPEN  STANDARDS  FOR  VIRTUALLY  LIMITLESS  SECURE  AND  SCALABLE  INTEGRATION 
Two testing experts debate the pros and cons of using Skype in enterprise networks.


FACE-OFF


Is Skype enterprise-ready?


Yes


James Gaskin,
Network World Lab Alliance

I  very  technical  product  has  security  gaps,  the  largest  of  which  is  most  often  the 
end  user.  Enterprise  network  owners  must  decide  whether  a  product’s  benefits 
I  outweigh  its  potential  problems.  Skype,  when  used  intelligentlysolves  many  more 
problems  than  it  creates. 

Because  its  developers  built  encryption  into  Skype  from  the  beginning,  conversa¬ 
tions,  instant  messages  and  file  transfers  are  automatically  encrypted. Other  IM  and  per¬ 
sonal  VoIP  options  from  AOL, Yahoo,  MSN  and  Google  offer  no  encryption  or  other  secu¬ 
rity  of  that  nature.  Because  of  this  encryption,  technical  support  departments  can  use 
Skype  to  IM  passwords  to  remote  users  without  fear  of  interception.  Encrypted  file 
transfers,  difficult  to  push  for  non-technical  users,  are  the  Skype  default. 

Unfortunately, Skype developed proprietary methods to establish its global peer-to-peer network, and proprietary software makes people nervous. Skype has contracted an outside security expert to vet its cryptography scheme (see www.networkworld.com, DocFinder: 1227), and the two security holes reported earlier this fall resulted in no reported exploits, intrusions or losses to users. Reported problems with microphones being left on, obviously a security risk, weren’t duplicated during my own testing.

Skype’s founders recently said they built the program for individuals and small businesses, and don’t plan to add the level of restrictive security some enterprises demand. With proper configuration (meaning it’s set up so that no personal details are published), training and monitoring, encrypted Skype IM and voice connections add another low-cost tool to a company’s communications repertoire. Trading some network resources used by Skype client applications in Skype’s peer-to-peer model for encrypted IM and voice links will be a good deal for many companies.

Yes, corporate laptops with Skype set to load automatically are potential security holes. But most of these laptops have no hard disk encryption, and automatically load and authenticate to the corporate VPN, which are more serious security issues. With a bit of user training, the Skype application can be used as needed and closed, eliminating any potential security breach.

After eBay officially takes control of Skype, security options for corporate group use will improve, because the U.S. government can pressure eBay more than it could a Luxembourg-based Skype. Every company using eBay to reach customers will benefit by having a Skype Me button on its catalog page to reassure buyers wanting to hear a voice rather than just see a Web page.

Right  or  wrong,  users  want  IM  on  their  corporate  desktop.  Skype 
allows  for  encrypted  messages  while  keeping  a  clear  text  history  of 
chats  on  each  local  PC  for  compliance,  a  security  upgrade  over  other 
public  IM  options.  Simply  put,  there  are  bigger  security  battles  inside 
most  commercial  networks  that  require  attention  before  Skype  needs  to 
be  put  at  the  top  of  the  security  concern  list. 


Gaskin is an author of books and stories about technology. He can be reached at readers@gaskin.com.


nww.com

Have your say

What's your opinion? Log on to networkworld.com and let us know. Face-off authors James Gaskin and Rodney Thayer will respond to your comments.

DocFinder: 1221


No


Rodney  Thayer, 

Network  World  Lab  Alliance 


Skype provides many powerful features for voice and text communications at a near-zero cost. Unfortunately, Skype also is wrought with implementation flaws and shows signs that it is likely to be a source of significant security problems. A sound enterprise network security architecture would justify the use of a big-brand target like Skype only if the application had sound communications protocols, well-built software using generally accepted security technology and good vendor support. Skype is lacking in all these areas.

The likelihood of an attacker successfully reverse-engineering either Skype’s cryptography or its underlying communications protocol is high. Skype uses a proprietary encryption scheme on top of a proprietary communications protocol. There are no public specifications, no multiple interoperable implementations and no publicly available security reviews of the protocols that vet the potential vulnerabilities. There is one Skype-funded review of the cryptography (see DocFinder: 1227), but it doesn’t cover the protocol or the implementation. Furthermore, Skype implements peer-to-peer communications, thus facilitating unauthorized use of bandwidth.

From  a  hacker’s  perspective,  the  potential  to  compromise  Skype  clients  on  the 
Internet  and  conduct  zombie  or  direct-endpoint  system  attacks  is  appealing. 
Skype  is  architected  with  ease  of  use,  not  security,  in  mind.  It’s  very  difficult  to 
avoid  configuring  the  client  for  automatic  logon,  thus  immediately  announcing 
itself  to  the  Internet.  Skype  is  designed  to  share  too  much  information  in  the  form 
of  contact  details. 

Furthermore, our testing has uncovered flaws in Skype’s use of Windows’ multimedia capabilities. For example, we’ve seen Skype switch the microphone on by itself (imagine if an attacker could turn your Skype client into a wiretap), fail to terminate calls when a user commands it to disconnect (imagine a telephony-based phishing attack) and periodically cause the microphone driver to fail (imagine an incoming call with an attack payload in the protocol, compromising the client and allowing it to attack your computer).

Skype has gone from an obscure but wildly popular start-up to a cog in the great wheel of eBay’s infrastructure, including the retail giant’s virtually invisible support system. If a security problem were found in Skype, it would be essentially impossible to report, because the report would be lost in the blizzard of auction complaints that eBay’s support system receives.

Using  Skype  puts  an  enterprise  in  violation  of  its  own  local  network 
use  policy  because  it’s  an  unsecure  software  component  that  uses  the 
network  in  a  questionable  manner. 

This  is  not  to  say  that  Internet-based  telephony  is  a  bad  thing.  However, 
because  of  security  concerns,  Skype  is  definitely  not  my  choice  for  how 
to  provide  that  solution. 


Thayer  is  a  private  network  security  consultant  in  Mountain  View,  Calif. 
He  can  be  reached  at  rodney@canola-jones.com. 
What doesn’t kill you makes you stronger, right?

We hope to cash in on the promise of that adage, as we are in what we hope are the final days of the industry’s first comprehensive performance test of network application acceleration devices. In partnership with David Newman of Network Test, a Network World Lab Alliance member, we’ve been evaluating products from Array, Citrix, Crescendo Networks, Foundry Networks, F5 Networks and Juniper for more than six months now. And getting the test done right — publication of the results is set for Jan. 16 — is (figuratively, we hope) killing us.

The problem with delivering meaningful, repeatable test results for this given set of products lies in the fact that no two vendors are approaching network application acceleration in the same manner.

F5 — one of the original players in this market — has built every acceleration feature known to humanity (plus a few security programs) into its BigIP appliance, while start-up Crescendo uses custom silicon to wring every last bit of performance out of its device.

Thin-client vendor Citrix is trying to combine its application translation expertise with the compression and caching technologies it picked up in its NetScaler acquisition earlier this year. Foundry is moving up the stack with its ServerIron platform, offering many of the same Layer 7 switching features as other test participants. Juniper is trying to bolt together the Layer 7 Web application front-end device it bought with its recent purchase of Redline Networks and the WAN optimization technology it acquired with its July acquisition of Peribit.

While it hasn’t announced a product, Cisco has put the acceleration technologies from its Actona and Fineground acquisitions under an Application Networking Services umbrella with technologies such as TCP/IP and SSL offloading and Layer 4-7 load balancing.

So  what’s  a  buyer  to  make  of  this  smorgasbord  of  options? 
We’ll  tell  you  after  our  Application  Acceleration  Summit  in 
New  York  in  conjunction  with  the  Interop  show. 

We’re hosting a dinner for executives from Cisco, Citrix, Crescendo, F5, Foundry and Juniper to discuss the dynamics of this fast-growing market. We’ll report on the highlights in next Monday’s issue.

Separately, we’re gathering engineers from companies that offer application acceleration wares to discuss how best to test these devices. That methodology should result in an apples-to-apples comparison that will simplify buying.

Stay  tuned.  If  it  doesn’t  kill  us  first,  this  information  should 
make  your  network  stronger. 


—  Christine  Burns 
Executive  Editor,  Tests 
cburns@nww.com


Opinions


Give  Apple  credit 

In reviewing the Sony Vaio V620G PC, I can’t believe your “Cool Yule Tools” (www.networkworld.com, DocFinder: 1222) story states, “If all future computers are all-in-one’s, you will be able to thank Sony.” Although the Sony Vaio V620G is an all-in-one computer, Apple is directly responsible for the introduction and popularity of the all-in-one computer, dating back to the original all-in-one CRT iMac, to be followed by the newer all-in-one LCD iMac. Please give credit where it is due.

Sean Hite
Buzzards Bay, Mass.

VoIP  security 

Regarding Winn Schwartau’s column, “With VoIP it’s deja vu all over again” (DocFinder: 1223): I experienced a VoIP rollout that had many problems. Our IT people were aware of potential security vulnerabilities and protected us as best they could. However, the core functionality of the Cisco VoIP phones we purchased was unacceptable. For example, the speed-dial functionality required almost as many keystrokes as dialing the number directly. If the subject of switching to VoIP were brought up, I would say absolutely not for the near term.

Scott  Peterson 
Salt  Lake  City 

Winn Schwartau’s column on VoIP security has me a bit puzzled and saddened. I’d like him to know that there are many VoIP vendors who do understand security issues and are working to ensure that VoIP can be deployed securely.

For those not aware of it, there is an organization called the VoIP Security Alliance that includes a wide range of organizations (currently 99) participating. The major effort has been to create a taxonomy identifying the actual threats (DocFinder: 1224). The next steps are to define more-formal security requirements and create a set of best practices for deploying VoIP.

Dan  York 

Director of IP Technology, Office of the CTO

Mitel 

Ottawa 

Highway  robbery 

Regarding “U.S. pitches wireless highway safety plan” (DocFinder: 1225): The Vehicle Infrastructure Integration (VII) project appears to be the next focus for taxpayer funding of Department of Transportation projects. What’s more disturbing is the government’s intent to put business interest ahead of public interest. It’s an exploitation of public resources that taxpayers not only fund the VII but will have to further pay to receive the real-time traffic information.

I have proposed creating a Public Service Telematics Network based on U.S. Patent 6,480,121 that not only gives vehicle owners the ability to choose among telematics service providers but also unites TSPs in a new mass media for the public. The difficulty in its implementation is that it undermines the strategic plans of vehicle makers to collect perpetual revenue for the lifetime of their products. The network also provides up to 30-mile traffic status maps to telematics-equipped vehicles without preset destination or time of travel, free of charge from a public TSP. This puts the vehicle owners ahead of business and government interests.

Bill Reimann
Oakdale, N.Y.

E-mail letters to jdix@nww.com or send them to John Dix, editor in chief, Network World, 118 Turnpike Road, Southborough, MA 01772. Please include phone number and address for verification.
Nick Lippis


Is  Avaya  poised  for  a  breakaway? 


IP telephony was born nearly 10 years ago, when Cisco and 3Com purchased a few start-ups and launched a new enterprise voice market. It took about four years for companies such as Avaya, Nortel, Mitel, Alcatel, Siemens and NEC to feel threatened.

Today, Avaya may be poised to break away from its competitors because of its focus on professional services and creating a developer’s ecosystem around a new application development platform based upon Web services and service-oriented architecture (SOA). The next three years will be crucial as most enterprises choose an IP telephony vendor, locking in market share for years to come.

Since 1996, IP telephony has transitioned through two phases and is now entering its third level of maturity. The first phase involved experimentation with VoIP and proprietary communication signaling built on a PC platform. This experimentation phase led to a stable and reliable IP telephony platform built upon a hardened Linux foundation. For some suppliers, IP telephony products now have the same reliability, availability and performance levels as traditional time division multiplexing telephony products.


The current, second phase of IP telephony involves replacing legacy voice services with IP telephony for a favorable ROI. Today, IT management can deploy a new IP enterprise voice solution with 15% to 50% savings, depending on installed base. However, the current phase offers companies little of strategic value.

The third phase of IP telephony is based upon a value proposition of strategic value vs. economic efficiency.

Two new industry developments propelling this phase are Session Initiation Protocol (SIP) and Web services in an SOA construct. SIP standardizes call signaling and communications between different types of devices from different vendors. More importantly, SIP simplifies the writing of communication applications. The second development involves using Web services to write business applications that incorporate communications.


SIP combined with Web services is enabling the business process to be linked with communications to deliver strategic value to users.

As IP telephony transitions into the strategic-value stage over the next 18 to 24 months, the market may move into Avaya’s value proposition of software and services. In contrast, all the other major IP telephony vendors are product focused, offering little to no professional services or application development environments. Many vendors base their application development around a relatively small number of highly specialized developers who can program with old protocols such as CTI, TAPI and JTAPI. As SIP and Web services take center stage, this developer community of thousands will explode to millions capable of injecting communications into business processes. Vendors that only offer IP telephony products may have enjoyed the appetizer but may miss out on the entree as the strategic-value phase takes hold.

Lippis consults to CIOs of Global 2000 companies and their direct reports on network architecture development and its funding. He publishes the Lippis Report (www.lippis.com) and can be reached at nick@lippis.com.


FOR  THE  RECORD 
Christopher Sloop


The  facts  about  WeatherBug 


Editor’s  note:  WeatherBug  and  its  CTO 
Christopher  Sloop  came  under  fire  recently  from 
Net  Buzz  columnist  Paul  McNamara,  as  well  as 
readers  of  that  column.  Today  we  offer  Sloop  an 
opportunity  to  respond. 

Most  questions  about  WeatherBug  involve  the 
issues  of  spyware,  adware,  resource  consumption 
and  interaction  with  other  applications.  I  will 
address  each  here. 

Spyware and adware concerns: The simple truth is that WeatherBug is not spyware. No major anti-spyware vendor classifies WeatherBug as spyware.

One reason people may associate WeatherBug with spyware is a brief six-month business relationship we had with Gator more than four years ago. We moved quickly to end that relationship when it became clear Gator’s business practices were not in line with ours. We deserve credit for being proactive in ending this relationship before adware and spyware became hot topics.

Another way to understand why WeatherBug is not spyware or adware is to appreciate how the application works from a technical standpoint. WeatherBug is simply a Web browser customized for smaller Web pages that fit within the application. The WeatherBug application uses an Internet Explorer COM component to display Web pages. The remaining functionality is to deliver live, local temperatures from the WeatherBug network and National Weather Service severe weather alerts to the system tray.

All calls WeatherBug makes in the background are simple HTTP requests and are for the following purposes: 1) checking for weather and forecast information; 2) checking for National Weather Service severe weather warnings; and 3) checking for application “look and feel” settings for fonts, background graphics and URL locations.

Nor is WeatherBug adware. We’re not an advertising or marketing company — we’re an information company. The network of 8,000 professional-grade WeatherBug Tracking Stations that make up the WeatherBug network generate live information you cannot get from any other weather source. Data from the WeatherBug network is used not only by consumers but also by TV meteorologists, energy traders, emergency managers, the federal government and schools.

My  hope  is  that  the  public  can  move  past  this 
issue  and  focus  on  the  future  of  WeatherBug.  We 
are  focused  on  providing  more  ways  to  access 
WeatherBug  information  via  open  formats  such 
as  RSS,  podcasts  and  APIs. 

The start-up behavior of WeatherBug is completely customizable. You can enable or disable the application’s ability to start when Windows starts, and you can set the behavior of WeatherBug to start in full-screen mode or minimized to the system tray. By default, the application is set to run when Windows starts because the core utility of the application is to alert customers of severe weather.

WeatherBug is comparable with, if not better than, other popular desktop applications regarding resource usage. For example, WeatherBug uses about 8MB of RAM when running in the system tray, compared with Yahoo Messenger’s average 25MB of RAM. AOL Instant Messenger uses about 0.01% of CPU, as does WeatherBug. WeatherBug uses around 30 bit/sec of bandwidth, as do AOL and MSN Messengers. (For testing details, see www.networkworld.com, DocFinder: 1226).

I  have  heard  a  small  number  of  reports  of 
WeatherBug  interacting  or  causing  issues  with 
other  applications  on  a  system.  We  have  never 
been  able  to  repeat  these  issues  or  prove  with  any 
certainty  that  WeatherBug  was  the  cause. 

WeatherBug has never been installed on a computer without proper notice and consent; this has always been part of our practices when distributing the application. We have received some customer complaints about our uninstall process, but these concerned technical issues with an old version of the uninstaller that required the user to exit the application first. Our current version addresses these uninstall issues; as a result, reports to our customer service group have dropped dramatically.

As WeatherBug looks to the future, we will be in a constant state of improvement. I am committed to listening to your feedback and acting on it.

Sloop  is  CTO  at  WeatherBug.  He  can  be  reached 
at  cdsloop@aws.com. 
BY JENNIFER JONES


We know from countless reader surveys that IT executives get their technology information from a variety of sources — high-tech print publications and their Web sites, vendor Web sites, trade shows, analyst firms and peers.

But what about these sources of information that seem to have exploded onto the scene — blogs, wikis, RSS feeds and podcasts? Where do they fit into the busy day of an IT executive suffering from information overload? And how reliable is the information? Here’s a guide:


Wiki  keys 

Wiki (pronounced wee-kee) refers to the collaborative software that allows users to easily create and edit Web page content. Wiki (Hawaiian for quick) also refers to the resulting Web sites. The original wiki is Wikipedia, the free encyclopedia to which anybody can contribute, but the software has spawned countless wiki farms containing links to every imaginable topic.

Pros:  If  you  want  the  definition  of  a 
term,  or  a  quick  explainer  on  a  particular 
technology,  Wikipedia  is  great. 

Cons: The information in a wiki is entered anonymously, and the only check on the accuracy of wiki entries is other anonymous wiki writers with their own agendas and biases.

“The downside of wikis is that anyone can alter them,” warns Rich Diaz, manager of the University of Maryland’s digital imaging group in College Park. In fact, Wikipedia tightened its submission rules last week in response to complaints about inaccuracies.


The  blog  of  war 

Blogs can be lively, opinionated, link-filled sites that encourage interactive dialogue between individuals about a variety of topics.

Pros:  IT  executives  say  blogs  can  be  a  good  source  of  technical  information  and  a 
good  way  to  get  feedback  about  a  particular  product  that  you  might  want  to  buy,  or  a 
specific  tech  issue  or  question  with  which  you’re  wrestling. 

Cons: Blogs can be written by disgruntled former employees or people with axes to grind. When evaluating information in a blog, consider the source.

Blogs have other limits. “I do read a lot of blogs, but I just can’t find reliable information on technology-management issues,” says Mayur Raichura, managing director of information services at Long & Foster Real Estate in Fairfax, Va.

He finds blogs useful, however, when they answer a specific technology question. Recently, Raichura and staff read several blogs to decide whether to pursue smart drop-downs to allow Web site visitors to access information on the company’s databases. “There was a nice mixed bag of opinions — some good and some bad. We read these and decided that the technology overall is good but that it is not mature enough for a large set of users,” he says.



Vendors  go  blog  wild 

HP  has  blogs  posted  by  a  variety  of  top  executives  writing  about  a 
wealth  of  technical  topics,  including  identity  management,  application 
manageability  and  Web  services. 

“Instead of offering static information, blogs enable a spirited dialogue that can, at its best, cut through the marketing hype and get to the real issues behind the IT ‘hot topics’ of the day,” says Joel Postman, HP director of executive communications. “If, for example, a software industry executive blogs that ‘service-oriented architectures are just another way of saying Web services,’ this will spark a heated debate, bringing the smartest and most-engaged people into the conversation.”

Microsoft executives are also doing a fair share of blogging as a means of interacting with users. “In my case, I can easily share answers with entire audiences to questions I’ve been asked during presentations that I wasn’t able to answer on that day,” says Matthew Stephen, IT pro evangelist of the company’s Development and Platform Group in the United Kingdom.

Many users do seem willing to spend at least some time scrolling through a corporate executive’s blog. “Well, we do rely on the technology these vendors create, so in some sense we are at their mercy,” says Brian Tegtmeyer, director of CenCom E911 Public Safety Communications Center in Round Lake Beach, Ill. “These blogs contain no more or less slant than a corporate Web page.”

Gartner  analyst  Allen  Weiner  agrees. “Corporate  blogs  can  be  a  great 
source  of  information,  as  long  as  you  put  on  your  filter  when  you  are 
reading  them.” 

Whether generated by corporate executives or experts — self-appointed or otherwise — information contained in technical blogs should be considered with caution. “In the strictest sense, blogs aren’t a reliable source of pure technical information. They are, however, a source of candid discussion on technical issues,” HP’s Postman says.

In terms of credibility, there are other signs to look for. Key is whether a blog yields a response and whether it’s updated frequently.

“About three months back, I found a blog someone had written about their internal struggle with Java and .Net. It was on management and software development — the struggles and everything that was going on. It was a fascinating read. And I was hoping for more,” he recalls. “But it never got changed — for a month or maybe more.”

Be  the  blogger 

A  small  but  growing  number  of  IT  executives  are  becoming  bloggers. 
Tegtmeyer  uses  blogging  software  from  Imeem  of  Palo  Alto  to  create  his 
own  internal  blogs,  which  he  uses  to  foster  dialogue  on  IT  projects  and 
the  center’s  mission. 

“My blog was and is intended as a new communication medium for our internal IT staff,” says Chris Jones, director of special projects and e-learning technology at the University of Oklahoma’s Health Sciences Center in Oklahoma City.

However, when Jones blogged recently about best practices for IT Infrastructure Library initiatives, he received helpful, outside comment. “The contacts came from other higher-education organizations — some vendors, some people with experience in related fields,” he says. “All were interested in what we were doing and were hoping to be part of a larger discussion on the topics.”

It will take such proactive measures on the part of IT leaders to broaden blogs, Gartner analyst Weiner says. But so far the IT manager who blogs remains a rarity. “We’ve seen some cases — though they are not prevalent — of a CIO chronicling in a blog the details of a project implementation. This kind of information allows others to gain real understanding.”

“But it takes an extremely visionary CIO to be doing that today,” Weiner adds. Along with vision, blogging takes time — a precious commodity for the IT executive, who must further worry over the internal politics of revealing project strategies and details to the world. “Security can be another paramount issue for the CIO who plans to write a diary of an implementation.”


Push  comes  to  shove 

Most often powered by a format Netscape developed in 1999, RSS feeds gather updates to blogs or news posted on specified Web sites.

Pros:  Easy  way  to  get  information  sent  to  you. 

Cons:  Can  contribute  to  information  overload. 

“It  keeps  me  halfway  up-to-date  on  topics  I  should 
know  about,”  Long  &  Foster’s  Raichura  says. 

Jones adds, “I am an Apple Macintosh guy, so I use the new Safari browser that ships with every Mac and has an RSS reader built in, but I’ve also used FeedReader on the PC side.”
Wiki resources

We’ve assembled a collection of links — from downloadable Wiki tools you can run yourself to hosted Wikis.


Ego  to  go 

Fbdcasts  are  a  method  of  preparing  audio  files  —  for  example, 
lectures  on  FFspecific  topics  —  that  can  be  played  back  on 
portable  digital  music  or  multimedia  players,  including  iPods. 
Pros:  Gives  you  information  you  can  listen  to  while  mobile. 

HP  shines  in  test  of  network 
mgmt  framework  tools 

BY  BARRY  NANCE,  NETWORK  WORLD  LAB  ALLIANCE 

A  framework-based  network-management  system  doesn’t  necessarily  have 
to  consist  of  scores  of  modules  that  support  a  supercomplex,  hypereclectic 
computing  and  network  environment.  For  lots  of  networks  (or  if  you  want  to 
get  your  feet  wet),  the  framework  plus  a  few  modules  may  be  all  you  need. 
We  call  these  tools  framework  express,  or  framework  lite. 


Network  Node  Manager's  extended  topology  map  uses  color  to 
show  device  status  and  network  health. 


Getting  to  the  core  of  network  management  by  choosing 
only  those  modules  that  support  your  key  devices,  servers 
and  applications  can  be  an  effective,  affordable,  productive 
and  smart  approach  to  using  a  framework-based  NMS. 

The  ideal  framework-express  package  includes  a  central 
management  and  monitoring  piece,  to  which  you  add  a 
few  modules  that  recognize  and  manage  specific  devices, 
servers  and  applications.  Each  module  blends  seamlessly 
into  the  overall  NMS,  has  a  small  footprint  and  is  easy  to 
use.  Modules  work  together  to  manage  everything,  auto¬ 
mate  administrator  tasks,  process  SNMP  alerts  (traps),  dis¬ 
cover  the  network  and  diagnose  outages  and  performance 
problems.  The  perfect  package  offers  useful  reports,  scales 
well,  is  pervasively  platform-neutral  and  enforces  good 
security.

To find a system that meets our criteria, we invited vendors
to submit systems to our Alabama lab for testing. We
tested HP’s OpenView Network Node Manager 7.5, OpenView
Operations 7.5 and OpenView Internet Services 6.0;
BMC Software’s Performance Manager Console 7.5.20,
Distribution Server 7.1.21 and Performance Manager Portal
1.2.00; and PerformanceIT’s ProIT IT Operations Management
Software 4.0. Computer Associates, which had just
acquired Aprisma at the time of our tests, said it needed to
think about the positioning of Unicenter vs. Aprisma’s products
and declined our invitation. IBM’s Tivoli division, after
initially agreeing to participate, backed out of the tests and
said a suitable product wouldn’t be ready until June.

We  awarded  HP  the  Clear  Choice  Award  for  OpenView’s 
excellent  network  discovery,  root-cause  problem  analysis, 
task  automation,  responsive  and  intuitive  user  interface, 
and scalability.

System  overview 

The core of the OpenView framework express is Network
Node Manager. In our tests, it excelled at network discovery,
device status tracking, network map graphing, statistics
gathering and SNMP alert processing. Network Node
Manager uses Management Information Base (MIB) data
from several sources, including routers, switches, bridges
and repeaters. It captures some Layer 2 data, but for the
most part it maps Layer 3 details. HP supplies numerous
predefined MIB expressions, which Network Node
Manager applies. The impressive list includes utilization
and error percentages, total packets by category (in, out
and errors), retransmits, Cisco memory utilization and
full-duplex utilization percentage.

More  Network  Node  Manager  traits 

Event  Classifier:  Uniquely  classifies  and 
consolidates  all  Cisco  events. 

PairWise  Events:  Matches  parent  and  child 
events. 

Chassis  Failure:  Monitors  Cisco  traps  for 
temperature,  fan  failure  and  power-supply  faults. 

Router/Switch  Intermittent  Status:  Monitors 
interface-down  alarms  in  a  given  period. 

Router/Switch  Health:  Correlates  interface- 
status  alarms  with  related  router  or  switch  node¬ 
status  alarm. 

De-Duplication:  Nests  duplicate  events  under 
the  most  recent  alarm. 

Connector  Down:  Zeroes  in  on  the  device  at 
fault  when  connectivity  is  lost. 


Network  Node  Manager  collects  network  health  data, 
stores it in a relational database (provided by HP), analyzes
the  stored  device-status  and  event  data,  and  reports  results 
in  useful  charts  and  graphs.  The  system’s  root-cause  prob¬ 
lem  analysis,  dubbed  Advanced  Intelligent  Diagnosis  for 
Networks,  was  especially  helpful  in  zeroing  in  on  a  specific 
device  that  was  causing  an  outage  or  performance  prob¬ 
lem,  while  its  path-analysis  capability  is  similarly  helpful  in 
pinpointing  problems  and  performance  degradations 
involving  network  pathways  and  linkages. 

Network Node Manager’s quick and accurate discovery
feature worked well in all our tests, no matter what mix of
devices we asked it to manage. It identified and inventoried
not only physical devices, but also virtual network services.
Network Node Manager, which accepts what HP terms
Smart Plug-ins in order to support new technologies and
services, is itself a sort of framework environment.

Network  Node  Manager’s  automatic  baseline  feature,  like 
its  discovery  feature,  makes  setup  and  initial  use  a  breeze. 
This  feature  automatically  sets  alarm  thresholds  by  review¬ 
ing  and  analyzing  collected  device-status  and  event  data  to 
identify deviations, exceptions and other unusual activity.
When  we  used  this  feature  and  added  a  few  thresholds  of 
our  own  (based  on  our  knowledge  of  the  applications 
using  the  network),  Network  Node  Manager  thereafter  gen¬ 
erated  prompt  and  highly  informational  alarms,  via  pager 
or  e-mail,  to  alert  us  when  the  thresholds  were  exceeded. 

The system has comprehensive protocol support for
packet formats, including HSRP, IPv6 and virtual LAN material.
We also found that its distributed architecture scales
well to handle larger and more complex network environments.
Network Node Manager even monitors itself to
ensure it’s running normally. It pages an administrator or
sends e-mail alerts if the self-monitor finds that Network
Node Manager, or its server, has died.

The OpenView Operations module works with Network
Node Manager to provide event management, performance
monitoring and automated alert processing. This is
especially useful for data centers that need to achieve
24/7 uptime and availability. We noticed in testing that multiple,
concurrently running instances of OpenView
Operations coordinated and synchronized with each
other, exchanging device and network status information.
Running in a clustered environment, OpenView Operations
will robustly fail over to another healthy server. HP supplies
a rather elaborate programming interface for OpenView
Operations, and it sports a high-level Visual Basic Script-like
language for customers who want to tailor its processing.

The  OpenView  Internet  Services  module  excelled  at 
tracking  Web  transaction-oriented  service-level  agreement 
(SLA)  violations.  For  services  we  defined,  from  general  Web 
access  to  particular  e-commerce  transactions,  it  noted 
availability  and  response-time  details,  and  alerted  us 
when  SLA  parameters  were  exceeded.  Alerts  took  the 
form  of  pager  calls,  e-mail  notices  and  SNMP  traps,  and  we 
could  tell  the  module  to  execute  a  command  in  response 
to  an  alert. 

As  is  true  for  virtually  all  of  the  OpenView  modules,  each 

SSL VPN Grows Up

SSL  is  becoming  the  VPN  technology  of  choice,  with  products  from  vendors  like  Array  Networks  delivering 

high  performance,  ease  of  use  and  cutting-edge  security  —  at  a  low  cost. 


It wasn’t long ago that the Secure
Sockets  Layer  (SSL)  protocol  was 
used  chiefly  as  a  means  of  providing 
secure  connections  to  Web  sites, 
such  that  consumers  would  feel  com¬ 
fortable  sending  their  credit  card  and  other  per¬ 
sonal  data  over  the  Internet.  Today,  SSL  is  increas¬ 
ingly  being  used  for  corporate  virtual  private  net¬ 
works  (VPNs)  providing  secure  access  to  various 
corporate  resources  for  an  organization’s  own 
users  as  well  as  customers  and  business  partners. 

SSL  VPNs  are  being  deployed  as  an  alternative  to 
VPNs  based  on  the  IP  Security  (IPSec)  protocol, 
and  with  good  reason.  SSL  VPNs  are  far  easier  to 
deploy  because  they  require  only  a  Web  browser 
to  be  present  on  the  client  machine.  IPSec  requires 
client-side  software,  which  means  IT  must  “touch” 
every  client  that  is  to  participate  in  the  VPN. 

SSL  VPNs  also  provide  more  security  options.  If  a 
computer  connected  via  IPSec  is  infected,  it  can 
quickly  infect  the  rest  of  the  network.  SSL  VPNs 
from  companies  such  as  Array  Networks  act  as  a 
full reverse proxy, creating a “virtual divide.” The
user’s  session  is  terminated  at  the  VPN  device,  so 
the  user  never  has  a  presence  on  the  network.  That 
enables  the  system  to  ferret  out  and  drop  suspi¬ 
cious  connections  before  they  do  any  damage. 

At  the  same  time,  today’s  SSL  VPNs  offer  more 
functionality  than  the  previous  generation,  such  as 
highly  configurable  access  control  capabilities  that 
include  a  security  health  check  on  each  client, 
improved  manageability  without  costly  agents  on 
each  end  point,  and  the  ability  to  provide  access  to 
virtually  any  corporate  IT  resource,  from  applica¬ 
tions  to  printers. 

An  Exploding  Market 

Customers are getting the message. IDC says the
market for SSL VPN appliances—the most prevalent
form of SSL VPN—was $200 million in 2004,
up an “incredible” 172% from the prior year. By
2009, IDC estimates the market will reach nearly
$900 million in revenue, a compound annual
growth rate of 35% from 2004.

In  its  March  2005  report  on  the  SSL  VPN  market, 
IDC  says  it  believes  the  market  for  clientless  solu¬ 
tions  will  be  “extremely  dynamic”  in  coming  years, 
with  “exceptional  growth,  predicated  on  continued 
deployment  of  Web-based  remote  access  applica¬ 
tions  and  services.”  But  growth  won’t  be  limited  to 
remote  access;  SSL  VPN  use  within  a  corporate 
LAN  will  likewise  greatly  expand  as  companies  seek 
to  provide  tighter  access  controls  to  corporate 
resources  from  within  their  own  walls,  IDC  says. 

Given  the  expanded  role  that  SSL  VPNs  are  now 
playing,  researchers  at  Frost  &  Sullivan  even  came 
up  with  a  new  name  for  the  product  category: 
Resource Gateway.

[Figure: Evolving to Universal Access with SSL VPN]

Features/Benefits

Requires only common Web browser for secure access

Client-side security downloaded on-the-fly
• Host checking
• Cache cleaning
• Secure desktop

Multi VPN capability
• Webified applications
• Client/server
• File sharing
• Layer 3 VPN
• IPSec migration

Granular access control
• Authentication
• Authorization
• Auditing

Purpose-built platform
• Remote/local access
• Up to 64,000 concurrent users
• Lower latency than IPSec
• Integrated firewall
• Security-hardened OS
• High availability
• Application filtering

Unique solutions
• Citrix replacement
• Web resource mapping
• E-mail proxy
• 256 virtual portals
• Application acceleration
• Intelligent desktop management

Users shown in the diagram
• Home telecommuters
• Small office/home office
• Mobile users
• Hotels
• Airports
• Kiosks
• Roaming PDA & cell
• Branch office
• Franchise store
• Remotely hosted applications
• Partners • Customer A, B, C, D

Diagram labels: SSL connection; Remote or local users; Web, application and database servers

Frost  &  Sullivan  argues  that  the  term  “SSL  VPN” 
doesn’t  adequately  describe  what  products  in  the 
category  do.  From  an  enterprise  user’s  perspec¬ 
tive,  the  objective  is  to  provide  “a  means  to  control 
and  optimize  end  user  interactions  with  useful 
resources,”  Frost  &  Sullivan  says  in  its  August  2005 
report on SSL VPNs. Those resources can include
not only business applications, but file shares,
network-connected devices such as printers as well as
other end user machines, Frost & Sullivan says.

To  compare  the  various  products  in  the  market, 
Frost  &  Sullivan  rates  them  on  each  of  three  func¬ 
tional  requirements:  connectivity,  security  and  per¬ 
formance.  The  company  assigns  each  vendor  to 
either  the  lower  tier  or  upper  tier  in  each  category. 

Array  Networks  Shines 

Frost  &  Sullivan  puts  Array  Networks  in  the  top 
tier  in  each  of  the  three  categories.  The  Array  SPX 
Series  SSL  VPN  products  combine  three  attributes 
that  Frost  &  Sullivan  says  are  essential  for  success: 
scalability,  functional  extensibility  and  adaptability. 

In  terms  of  scalability,  Array’s  SPX  Series  sup¬ 
ports  up  to  64,000  users  and  100,000  simultane¬ 
ous  connections  per  device,  with  throughput  of  up 
to  850M  bit/sec— making  it  the  world’s  fastest  and 


most  scalable  SSL  VPN  product.  Array  Networks’ 
systems  perform  eight  times  faster  and  scale  12 
times  higher  than  the  nearest  competitor.  Array 
also  supports  as  many  as  256  virtual  portals  on  a 
single  system,  enabling  users  to  create  “instant 
DMZs”  that  segment  different  user  communities. 
All  this  adds  up  to  Array  delivering  the  lowest  total 
cost  of  ownership  to  its  customers. 

It  should  be  no  surprise,  then,  that  Array  prod¬ 
ucts  are  deployed  in  some  of  the  largest,  most 
demanding  organizations,  including  four  of  the 
world’s  top  10  banks,  five  of  the  top  10  communi¬ 
cations  service  providers  and  more  than  20  per¬ 
cent  of  the  Global  2000  enterprises. 

As Michael Suby, a senior research analyst
with Frost & Sullivan and the author of its
report puts it, “Array is one of the limited
number of vendors with broad
functionality in all three functional
categories—connectivity, security and
performance.”

Try out the most powerful SSL VPN solution with our FREE trial offer.
Go to www.arraynetworks.net/freetrial
or call 1-866-MY-ARRAY for details.
NetResults

Product: OpenView Network Node Manager 7.5, OpenView Operations 7.5, OpenView Internet Services 6.0
Vendor: HP, www.openview.com
Price: Network Node Manager, $5,994; OpenView Operations, $59,994; OpenView Internet Services, $17,994.
Pros: Handles large, diverse networks with ease; intuitive interface; useful reports.
Cons: No printed documentation.
Score: 4.5

Product: Performance Manager Console 7.5.20, Distribution Server 7.1.21, Performance Manager Portal 1.2.00
Vendor: BMC Software, www.bmc.com
Price: Performance Manager Portal, $4,000; Performance Manager Console, $525 per CPU; Distribution Server is included in package.
Pros: Excellent discovery; good reports.
Cons: Sluggish interface.
Score: 3.6

Product: ProIT IT Operations Management Software 4.1
Vendor: PerformanceIT, www.performanceit.com
Price: Starts at $9,995 for Standard Edition (50 devices).
Pros: Good monitoring of applications and services.
Cons: Runs only on Windows.
Score: 3.6

The Breakdown            HP     BMC    PerformanceIT
Management 20%           5      3
Reporting 20%            5      4
Ease of use 20%          5      3      3
Corrective action 10%    4      4      4
Notification 10%         4      4
Installation 10%         4      4      4
Documentation 10%        3      4
Total score              4.5    3.6    3.6

Scoring Key: 5: Exceptional; 4: Very good; 3: Average; 2: Below average; 1: Subpar or not available
one we tested runs on HP-UX, Sun Solaris, Microsoft
Windows 2000, 2003 and XP; and Red Hat Linux.

No agents here

BMC’s Performance Manager Portal is an agentless tool
that monitors Web-based transactions, as well as IP-based
devices and computers. Its three-tier architecture includes
application server, database server and Web server components.
The Performance Manager console includes nine
components: Central Operator Windows, Central Operator
Web, Console Server, RTServer, Infrastructure Monitor,
Configuration Manager, Console for Unix, Console for
Windows and Migration Tools. The Distribution Server
remotely installs or uninstalls Patrol components across
multiple systems from a single, centralized console. All
modules are part of BMC’s Business Service Management
strategy, which targets applications and their associated
network infrastructures.

Together the Performance Manager Portal and Performance
Manager Console identify, diagnose and report simple
and complex network problems related to specific
application environments, such as Apache Web Server,
Compaq Insight Manager, Dell OpenManage, BEA WebLogic,
IBM WebSphere, JBoss and SAP. In addition to monitoring
specific applications, the system tracks operating-system
behavior including performance, resource consumption
and server capacity. It also kept an eye on Active
Directory components and events, combed through
Windows event logs for items that could trigger alerts
based on event type, source, event ID, user or category. The
system could also baby-sit individual processes and services
to ensure they were running, and noted the consumption
of resources. SNMP alerts (traps) could be
processed to track network events and errors.

Although the system works without agents, Performance
Manager Portal comes with those that you can optionally
use. In our tests, agents could provide more information
about each monitored system than the agentless environment
provided, such as identifying runaway processes
inside servers.

The Performance Manager Portal, Performance Manager
Console and Distribution Server run on Red Hat Linux, Sun
Solaris, Win 2000 and Win 2003.

Adding  packs  to  the  system 

The ProIT Operations Management Software is similar to
monitoring products such as Argent’s Guardian and Microsoft’s
Operation Manager. Yet the base product is still a
framework to which you add Management Packs. Each
Management Pack monitors a specific application or platform.

ProIT’s discovery feature is its AutoMap Dependency
engine. Like Network Node Manager’s discovery feature,
ProIT’s AutoMap quickly and accurately found and identified
our network components, and it noted network paths
and device dependencies as it searched.

ProIT includes three primary components: Infrastructure
Services Management (ISM), Applications Services
Management (ASM) and Business
Service Management (BSM). ISM
contains ProIT’s core management
and monitoring processes, including
AutoMap discovery, a notification
engine, monitoring engine, a
knowledge base for help desk support,
operational workflow support
and basic reports that show performance
and utilization statistics. ASM
focuses on specific applications,
and is the main interface point for
ProIT’s Management Packs. ASM
also maps dependencies, tracks
assets and prepares business availability
reports.

BSM contains dashboard displays
that show the integration of business
and management information.
It also supplies reports about application
detail, service-level management
and business vs. network integration, as well as
consolidated system views.

Like OpenView, ProIT has a self-monitor that ensures the
system is running. If you subscribe to PerformanceIT’s
optional external monitoring service, the vendor will
remotely monitor each of your ProIT instances from its
network operations center.

Each ProIT Management Pack monitors an application,
operating system or device, and it comes preconfigured
with thoughtfully selected thresholds out of the box. We
especially liked being able to apply a Management Pack
and its thresholds simultaneously and consistently to an
entire group of devices or servers, without having to
configure each one. ProIT has Management Packs for various
operating systems, including Windows, HP-UX, Solaris, […],
Digital Unix, Red Hat Linux, SuSE Linux, Debian Linux,
Novell NetWare and OS/400. Device support includes those
from Cisco, HP, Foundry Networks, 3Com, Extreme
Networks, Nortel, Enterasys, Alcatel, Lucent and Juniper.
ProIT Management Packs also support specific applications,
including Microsoft Exchange, SQL Server and Oracle
databases. ProIT runs on Windows 2000 Server and
Windows 2003 Server.

How  easy  are  these  things? 

HP calls Network Node Manager's user interface Home
Base. It gives administrators, engineers, troubleshooters and
planners an intuitive, easy-to-navigate summary of the
network’s status, quick access to detailed alarms and
easy-to-understand graphical maps of the network infrastructure
and services. HP bundles both a native Windows version
and Web-based version of Home Base with Network Node
BMC Performance Manager uses an object-oriented approach to showing network elements
and events.
THRUST SSC (SUPER SONIC CAR) SETTING THE LAND SPEED RECORD ON OCTOBER 15, 1997 IN THE BLACK ROCK DESERT, NEVADA.


Introducing the industry’s highest performance Ethernet
switch family ready to deliver wire-speed non-blocking
performance to 1.14 billion packets per second (or up to
3.42 bpps per 7-foot telco rack). Foundry’s BigIron RX Series
offers the highest density Gigabit and 10 Gigabit Ethernet
switching and routing solution in the industry and is built on a
distributed and redundant switch architecture that ships ready to
support 100 Gigabit Ethernet. Featuring support for scalable
Ethernet switching, IPv4/IPv6 routing, consistent low latency
for all packet sizes and advanced quality of service design. The
BigIron RX Series meets and exceeds the needs of a wide range
of environments including Enterprise LAN, HPC, MANs, and
next generation data centers.

FIND OUT MORE ABOUT THE BIGIRON RX SERIES AND HOW
YOU CAN TAKE ADVANTAGE OF A LIMITED TIME OFFER TO
REDEFINE PERFORMANCE AND RELIABILITY IN YOUR
NETWORK. LOG ON TO WWW.FOUNDRYNET.COM/BIGIRONRX.


BigIron RX-16


BigIron RX-4


FOUNDRY NETWORKS

The Power of Performance


FOR MORE INFORMATION PLEASE CALL: US/CANADA 1 888 TURBOLAN,
INTERNATIONAL +1 408.586.1700 OR VISIT OUR WEBSITE AT WWW.FOUNDRYNET.COM
Foundry Networks, Inc. is a leading provider of high-performance Enterprise and Service Provider switching, routing and Web traffic management solutions including Layer 2/3 LAN switches,
Layer 3 Backbone switches, Layer 4-7 Web switches, wireless LAN and access points, access routers and Metro routers. Foundry’s 8,500 customers include the world’s premier ISPs, metro service
providers, and enterprises including e-commerce sites, universities, entertainment, health and wellness, government, financial, and manufacturing companies.

© 2005 Foundry Networks®, the Foundry logo, The Power of Performance™, Foundry™, and BigIron® RX Series are trademarks of 2005 Foundry Networks, Inc.

All Rights Reserved. All other marks are trademarks of their respective owners.
ProIT’s Web-based management center uses a combination of expandable tree lists, a dashboard,
charts and notification lists to tell you what your network is doing.


Manager. 

Drilling  down  through  Home  Base’s  maps 
to  find  device  and  connection  details  was  a 
snap  —  the  network  health  information  dis¬ 
played  by  the  maps  helped  us  locate  prob¬ 
lems  quickly  and  productively.  When  a 
problem  developed,  Home  Base  filtered 
and  correlated  its  store  of  network  events, 
and  produced  a  summary  alarm  that 
described  the  problem  clearly  and  in  plain 
language.  As  we  investigated  a  problem, 


How  we  did  it 


Our test environment consisted
of six routed Fast Ethernet
subnet domains and a T-1
Internet connection. We ran each
product’s server components on
four-way Compaq ProLiant ML570
900 MHz computers with Pentium
III CPUs, 2GB of RAM and six 18GB
SCSI RAID drives. The operating system
was Windows 2000 Advanced
Server with SP 4. Each subnet’s 25
client computers were a mix of
Windows NT 4.0, Win 2000, Win
2003, Win 98, ME, XP, Red Hat Linux
7.0 and Macintosh platforms. The
relational databases on the network
were Oracle 8i, Sybase Adaptive
Server 11.5 and Microsoft SQL
Server 2000. Win 2000 and NetWare
5.1 shared files, while Internet
Information Server, Netscape and
Apache software served up Web
pages. An Agilent Advisor protocol
analyzer decoded and displayed
network traffic.

We  evaluated  each  product’s  ability 
to  manage,  administer,  update,  moni¬ 
tor,  report  on,  diagnose,  troubleshoot, 
reset,  reconfigure,  audit  (inventory) 
and  secure  network  devices,  server 
computers  and  client  computers. 
Virtually  all  our  testing  took  place 
across  WAN  links. 

In  our  tests,  we  administered  users, 
groups,  servers,  clients,  routers, 
switches,  remote  storage  and  DSU/ 
CSUs.  We  tested  the  sending  of  SNMP 
alerts,  as  well  as  the  processing  of 
incoming  alerts.  We  produced 
reports  to  show  device  and  comput¬ 
er  status  information,  inventory 
results,  network  usage  trends,  securi¬ 
ty  breaches,  availability  and  uptime 
information,  network  baseline  infor¬ 
mation  and  graphical  maps  of  the 
network.  We  tested  any  special  fea¬ 
tures  the  product  offered,  and  we 
also  looked  for  scalability,  security, 
ease  of  use  and  task  automation. 

—  BARRY  NANCE 


Home  Base  created  and  displayed  dynam¬ 
ic  menus  that  directed  our  thoughts  and 
efforts  toward  solving  the  problem. 
Customizing  Home  Base’s  analysis  of 
events  via  the  Network  Node  Manager 
Correlation  Composer  feature  was  simple 
and  straightforward. 

Predesigned reports from HP highlight
items such as performance, alarm, availability
and inventory trends. Many reports contrasted
current and historical data, which
helped us spot emerging problems, while
other reports showed network utilization,
top talkers and listeners, and inbound and
outbound errors. A Ping Response Time
and Ping Retry report showed us such
response times and the number of retries, to
help measure latency across our network.
The RMON Segment Utilization report
revealed network bandwidth usage, and a
Frame Relay report tracked forward and
backward congestion rates to show bottlenecks.
Reports also showed summary and
detailed device availability, device inventory
data, alarm histories and multiple-device
reboot events.

The  OpenView  Internet  Services  module 
sported  a  productive  dashboard  interface, 
offering  us  a  quick,  tree-based  navigation, 
SLA  health  indicators  and  a  helpful  trou¬ 
bleshooting  and  analysis  tool. 

BMC’s  Performance  Manager  Portal  is  a 
Web-based  console  that  displayed  views 
of  the  network  infrastructure  elements,  as 
well  as  views  of  the  business  applications 
corresponding  to  those  elements.  BMC 
designed  the  dual  network  and  business 
views  to  help  customers  more  quickly 
identify  and  fix  problems.  Although 
switching  between  views  was  simple 
enough,  we  found  the  dual  views  didn’t 
appreciably  aid  us  in  determining  the 
problem.  When  a  router  fails,  for  example, 
its  relationship  to  the  business  environ¬ 
ment  isn’t  as  important  as  deciding  what’s 
causing  the  failure  and  knowing  how  to 
solve  it.  However,  Performance  Manager 
Portal  gave  us  a  level  of  business  intelli¬ 
gence,  as  it  clearly  showed  us  the  status 
and  health  of  the  infrastructure  elements 
and  how  those  elements  contributed  to 
our  overall  business  environment.  We 
also  felt  that  Performance  Manager’s  user 
interface  wasn’t  as  responsive  as  the 
Home  Base  interface. 

The  Performance  Manager  Portal 
includes  console  interfaces  for  administer¬ 
ing,  operating,  configuring  and  distributing 
the Performance Manager modules. Via the
Portal, we could see the network, servers
and  applications  as  objects  displayed  in  an 
expandable  and  collapsible  Object  Tree. 
Clicking  on  objects  drilled  down  to  details 
regarding  the  health  of  applications,  ser¬ 
vices,  servers  and  devices.  The  Portal  and 
Performance  Manager  Console  module 
provided  us  with  the  same  breadth  of 
reports  as  HP’s  Home  Base. 

ProIT’s Web-based user interface gave us
four types of network maps: X-type, in which
device icons are logically organized into an
X shape with gateway devices at the center;
concentric, in which devices are drawn in
concentric circles radiating from the gateway
at the center; ring, in which devices are
drawn in a single circle; and table, in which
devices are drawn in rows and columns.
ProIT showed the direction of dependencies
along network paths, and it differentiated
between direct dependencies and secondary
ones by drawing direct dependencies
in bold, and secondary ones in gray.
Next to the map, it displayed devices without
clear dependencies, letting us investigate
why the device appeared not to have
any dependencies.

Like the HP and BMC systems, ProIT showed us network health and device status
information on its maps. Clicking a map element drilled down to detailed
statistics and status information. The user interface was more responsive
than Performance Manager’s, but not as responsive as the Home Base interface
from HP.

ProIT includes several preconfigured management reports, as well as SLA
management, availability management, capacity planning and trend-analysis
reports. The SLA reports were particularly well designed, showing us the
current and previous period’s (usually a month) statistics for historical
trend assessment. Other reports showed us application, server and network
uptime statistics, profile information for asset tracking, event-log
analysis, alarm histories and utilization data.

BMC and PerformanceIT gave us printed and online documentation with their
systems, while HP OpenView documentation is only online. Despite their
complexity, all products were easy to install and begin using.


Overall we felt the HP Network Node Manager, OpenView Operations and OpenView
Internet Service modules were collectively an excellent way to explore
framework-based network management and monitoring. The system will excel for
a growing midsize company that needs scalable tools with greater capacity and
more functions, or for a large company that wants to manage and monitor its
network more closely.

Nance runs Network Testing Labs and is the author of Introduction to
Networking, 4th edition and Client/Server LAN Programming. He can be reached
at barryn@erols.com.


Lab  Alliance 


■ Nance is also a member of the Network World Lab Alliance, a cooperative of
the premier testers in the network industry, each bringing to bear years of
practical experience on every test. For more Lab Alliance information,
including what it takes to become a partner, go to
www.networkworld.com/alliance. Other members: Mandy Andress, ArcSec; John
Bass, Centennial Networking; Travis Berkley, University of Kansas; Jeffrey
Fritz, University of California, San Francisco; James Gaskin, Gaskin
Computing Services; Thomas Henderson, ExtremeLabs; Miercom, network
consultancy and product test center; Christine Perey, Perey Research &
Consulting; David Newman, Network Test; Thomas Powell, PINT; Joel Snyder,
Opus One; Rodney Thayer, Canola & Jones.


When Microsoft's Group Policy isn’t enough


BY  MANDY  ANDRESS,  NETWORK  WORLD  LAB  ALLIANCE 

Windows customers use Microsoft’s Group Policy Object technology to help
automate and ease administration of end-user rights and access to network
computers. With GPO, tasks such as deploying software, implementing security
settings and enforcing policy can be configured and distributed across
organizational units, domains or sites.


GPO administration should be a critical security concern, as it is the means
by which Microsoft administrators set up parameters for things such as
password policies and patching rules if they are using Windows Server Update
Services.

Our testing has shown that Microsoft’s central administration tool, Group
Policy Management Console (GPMC), comes up short in several areas that are
vital in today’s corporate environment. To fill in the gaps, however, there
are third-party tools such as those we’ve tested from Desktop Standard,
NetIQ, Quest Software and ScriptLogic (www.networkworld.com, DocFinder:
1124).

1.  Change  management. 

Compliance officers, regulators and auditors are all looking for documented
evidence of changes to key areas within the security infrastructure. With
GPMC, multiple administrators could be logged on to the domain and making
changes to the same policy.

If changes are made at the same time without coordination or review, the
results could be disastrous, corrupting the GPO and requiring a complete
restore from backup. Depending on the changes, a number of servers and end
users’ systems also may be affected.

Several of the third-party tools provide change-management functionality.
With most of these products, when a policy was being edited by an
administrator, the policy was “checked out” — locked from being used by any
other administrator. The tools also implemented some type of workflow to
enable segregation of duties. The implementation differed between products,
but the goal was the same: enable a process where changes must be reviewed
and approved before going live.

2.  Version  control. 

Within the scope of GPMC, previous versions of a company’s policies are not
automatically maintained for review or easy restore in the event of a
problem.

The third-party tools have very simple restore options that put any previous
version of a policy back into the production environment. If a policy placed
into production has bad effects, current Windows tools require an
administrator to remember to make a manual backup of the GPO before making
any changes. Although you can implement processes and checklists that require
this step, it may still be missed. The third-party tools make an
administrator’s job easier by not requiring that they remember to perform
this step manually.

The third-party products also add version control, providing quick and easy
methods to review all previous versions of any given policy. With version
control, these products are able to create differential analyses between
policies. What changed in the current policy from the policy in effect two
months ago? With current GPMC administration tools, this would be a manual
process. The third-party tools make it as simple as a few clicks of the mouse
and creating reports that easily identify changes.

3.  Offline  testing. 

In the default Active Directory administration environment, all changes are
put immediately into production. Testing is not an easy option. You can get
around this by building completely separate testing domains and networks, but
that is not always feasible. The third-party tools make changes to offline
copies of policies, only pushing them to production once they’re approved.

4.  Access  control. 

Using only GPMC to control who has access to modify policies is also
problematic. To make these changes, users require very high-level
permissions, which should not be provided to most users. Companies are
frequently asked to lock down and decrease the number of users with powerful
administrative rights, but this is very difficult if users need those rights
to perform day-to-day operations.

Some of the third-party products enable detailed administrative access to
group policies and do not require that users have full control of the
production environment. With these access-control models, a single account
acts as a proxy and makes changes to the production environment. The
product’s access control system enables administrators to limit users’ access
to individual policies.

5.  Audit  trail. 

Corporations deal with tremendous audit and compliance requirements in
today’s regulatory environment, and therefore, their ability to provide a
complete audit trail of changes is paramount. Windows offers some assistance
in its Security Event Log — if auditing is enabled — but the log messages for
the most part are cryptic.

Also, no reporting functionality is included that would help an administrator
quickly query and identify the exact user who made a specific change at a
given point in time. Once again, third-party products add this functionality,
often creating databases of change events. Administrators can then create
reports showing very specific change-event information.

Microsoft offers Resultant Set of Policy functionality — analysis information
showing the full implementation of a policy — as a separate Microsoft
Management Console snap-in from GPMC. You can run in logging mode or planning
mode. Logging mode looks at the current production environment, and planning
mode provides the ability to perform some what-if analysis.

The third-party products, however, pull this functionality into their own
management consoles, making it easier to access. They also improve the
reports from the default console, making them easier to read and understand.

The  trade-offs  with  third-party  tools 

Third-party tools add a lot of features, but at a price.

First, they are separate products that need to be purchased and maintained.
Second, with their detailed access-control functions, you need to take the
time to plan and design segregation of duties. Otherwise, most users end up
with all rights because the proper model has not been implemented to take
advantage of the tools. Third, a new product has a learning curve, and some
users may be frustrated at the beginning.

The area that could have the biggest effect on your environment, though, is
additional entries in the Security Event Log. The performance impact depends
a lot on the specific log items you enable and how frequently you make
changes, but this needs to be tested thoroughly before going to production.

You can develop your own, similar tools using the APIs and hooks into GPO
management that Microsoft provides. This is very challenging, though, as
administrators and developers are already scarce in most organizations. You
also need to consider that developing Windows management tools may not be a
core competency.
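The differential analysis described under "Version control," sketched as an added example (it is not code from the article or from any of the reviewed products): it compares two saved copies of a GPO's security template file, GptTmpl.inf, and reports what changed, flagging weakened password settings and new privilege grants. The sample templates, the domain SID and the function names are constructed for illustration.

```python
"""Differential analysis between two saved versions of a GPO security template."""
import configparser
from typing import NamedTuple, Optional

# Constructed sample: GptTmpl.inf as saved before a change (real files are UTF-16).
OLD_TEMPLATE = r"""
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
MaximumPasswordAge = 42
LockoutBadCount = 5
[Event Audit]
AuditPolicyChange = 3
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Constructed sample: the same template after an unreviewed edit.
NEW_TEMPLATE = r"""
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 6
PasswordComplexity = 0
MaximumPasswordAge = 42
[Event Audit]
AuditPolicyChange = 3
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-21-1111111111-2222222222-3333333333-1105
[Version]
signature="$CHICAGO$"
Revision=1
"""

IGNORED_SECTIONS = {"Unicode", "Version"}  # file metadata, not policy
# Settings where a numerically lower value means a weaker policy.
HIGHER_IS_STRONGER = {"MinimumPasswordLength", "PasswordComplexity",
                      "PasswordHistorySize"}


class Change(NamedTuple):
    section: str
    key: str
    old: Optional[str]
    new: Optional[str]
    note: str


def parse_template(text):
    """Return {(section, key): value} for every policy setting in the template."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keep setting names case-sensitive
    parser.read_string(text)
    settings = {}
    for section in parser.sections():
        if section in IGNORED_SECTIONS:
            continue
        for key, value in parser.items(section):
            settings[(section, key)] = value.strip()
    return settings


def _describe(section, key, old, new):
    """Classify one change so a reviewer sees the risky ones first."""
    if old is None:
        return "added"
    if new is None:
        return "removed: setting no longer enforced by this GPO"
    if section == "Privilege Rights":
        before = {s.strip() for s in old.split(",")}
        after = {s.strip() for s in new.split(",")}
        parts = []
        if after - before:
            parts.append("granted to " + ", ".join(sorted(after - before)))
        if before - after:
            parts.append("revoked from " + ", ".join(sorted(before - after)))
        return "; ".join(parts) or "changed"
    if (key in HIGHER_IS_STRONGER and old.isdigit() and new.isdigit()
            and int(new) < int(old)):
        return "weakened"
    return "changed"


def diff_templates(old_text, new_text):
    """List every setting that differs between two template versions."""
    old, new = parse_template(old_text), parse_template(new_text)
    changes = []
    for section, key in sorted(old.keys() | new.keys()):
        before, after = old.get((section, key)), new.get((section, key))
        if before != after:
            changes.append(Change(section, key, before, after,
                                  _describe(section, key, before, after)))
    return changes


def format_report(changes):
    """Render the change list as one line per setting."""
    return "\n".join(f"[{c.section}] {c.key}: {c.old!r} -> {c.new!r} ({c.note})"
                     for c in changes)


if __name__ == "__main__":
    print(format_report(diff_templates(OLD_TEMPLATE, NEW_TEMPLATE)))
```

Run against a copy of the template saved before each edit, the report gives a reviewer the changed settings without a manual side-by-side comparison.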

Andress is president of ArcSec Technologies, a security company focusing on
product reviews and analysis. She can be reached at mandy@arcsec.com.


Making  the  switch  to  new 
GPO  tools 

You  need  third-party  Group  Policy  administration 
tools  if: 

•  Multiple  administrators  modify  your  Microsoft  Group  Policy  settings. 

•  You  have  expanded  reporting  requirements,  which  are  generally 
required  for  audit  or  compliance  standards. 

•  You  need  to  test  proposed  Group  Policy  changes  before  modifying 
production  servers. 
How emerging technologies are transforming key vertical industries


Healthcare’s  storage  needs  soar 

Electronic  medical  records  generate  many  terabytes  of  data  that  needs  to  be  retained. 


BY  DENI  CONNOR 


Michael Passe, storage architect for Beth Israel Deaconess Medical Center,
has a challenge on his hands — to digitize 85% of patient data for the
556-bed Boston hospital by 2010 and make it available to physicians in easily
accessible electronic form.


AT A GLANCE: HEALTHCARE

• Enterprise healthcare spent an estimated $27 billion on IT services in
2004, research firm In-Stat estimates.

Beth  Israel  staffers  are  tackling  the  laborious  task  of 
scanning  patient  charts  and  records  and  integrating  them 
with  medical  images,  along  with  implementing  enough 
storage  each  year  to  accommodate  electronic  medical 
records  (EMR)  for  patients. 

The challenge is one that every hospital and doctor’s office in the country
faces. President Bush’s Health Information Technology Plan mandates that
patients have electronic medical records by 2014.

“More and more visual information is being digitized, accelerating the
already-explosive growth of required storage capacity — especially at extreme
resolution levels common to clinical environments,” says David Freund, senior
analyst for Illuminata. “The good news is that digital images are much easier
for medical personnel to manipulate and to share among colleagues, whether
they are across the hall or across a continent. But that’s also the bad news,
because it compounds the tracking and retention burden faced by many
organizations.”

EMR  implementation 

With Beth Israel in the early stages of EMR deployment, about 35% of its data
is in electronic format, with the remainder in paper, Passe says. He’s
working towards the goal of having 85% of the hospital’s records digitized by
2010.

At that point, the remaining 15% of data will be scanned as Adobe Acrobat PDF
files. Everything else, including X-rays and diagnostic images from the
hospital’s Picture Archiving and Communications System (PACS) image
management system, admission information and transcribed data, will be
incorporated with the EMR system.

Such storage demands cause a major headache for Passe. “As you can imagine
over the last two years the various formats and information we need to retain
has had a significant impact on storage both in my area and in the cardiology
and radiology departments,” he says.

To meet this burgeoning need for storage, Passe installed an EMC Symmetrix
3930 array, two Clariion CX600 storage systems and an EMC Centera
content-addressable storage system. He also adopted an information life-cycle
management strategy to store and retain the data, some of which must be kept
for as long as 30 years.

Passe’s top tier of storage — where current EMR data resides — is 22TB of EMC
Symmetrix DMX storage. “As data becomes accessed less frequently, it is moved
to 40 terabytes of midtier EMC Clariion storage,” Passe says. “And, as the
data further ages it is moved off to 9.6 terabytes of Centera storage for a
long-term archive.”

The effect of EMR and PACS on storage is immense for Passe. One computed
tomography (CT) exam can take as much as 1GB of storage. Passe currently has
a 50TB storage-area network (SAN).

“If you consider that a digital X-ray is about 10MB of storage at a minimum,
then a large hospital is likely to require several terabytes of storage just
for X-rays, not including associated patient files,” says Stephanie Balouras,
senior analyst for Forrester Research. “Then because this information has to
be retained for 20 years or potentially for a patient’s entire life, the
long-term storage requirements are fairly significant.”

The amount of data being stored on Beth Israel’s SAN has grown by as much as
200% a year because of document storage. With the EMC SAN and its
tiered-storage plan in place, Passe estimates that this growth will slow to
about 25% to 30% a year.

Document  demands 

Elaine O’Bleness, director of health information services for Banner Health
Care in Greeley, Colo., has seen the upside of EMR. She deployed an Optio
QuickRecord Intelligent Hub (an appliance that indexes and organizes EMR
data) to manage her Fuji PACS and EMR data.

“We have had all laboratory radiology and all transcribed reports, plus all
point of care for nursing in QuickCharts,” O’Bleness says. QuickCharts gives
clinicians intranet and remote access to QuickRecord health data.

“We  have  three  EMC  Clariion  CX600s  we  use  for  PACS  in 
radiology  and  cardiology,  but  we  have  to  incorporate  into 
QuickRecords  storage  as  well,”  says  Mike  Brachtenbach, 
senior  network  analyst  for  Banner,  who  manages  18TB  of 
storage.  QuickRecord  data  is  stored  on  an  IBM  disk 
attached  to  the  company’s  RS/6000  host  computer.  The 
RS/6000  communicates  with  the  EMC  Clariion  SAN. 
Brachtenbach  is  looking  at  adding  an  EMC  Centera  to  his 
SAN  for  deep  archiving. 

One of the healthcare organization’s biggest challenges with EMR is scanning
paper documents into the QuickRecords system. “Scanning is incredibly
labor-intensive, not to mention the fact that it takes up a lot of space and
once you are done you only have a piece of paper that is electronic that you
can’t do anything with,” O’Bleness says.

• The Bush administration wants all U.S. patients to have an electronic
medical record (EMR) by 2014.

• Currently, 20% to 25% of hospitals and 15% to 20% of physician’s offices
have adopted EMR systems, according to RAND.

• RAND forecasts that adoption of EMR could save $77 billion per year and
cause a 4% increase in IT productivity.

According  to  Optio,  scanned  reports  can  take  10  to  20 
times  more  space  than  an  EMR. 

“With  QuickRecords,  we’ve  eliminated  approximately 
60%  of  requests  for  physical  medical  records  and  wiped 
out  health  information  management  backlogs,”  O’Bleness 
says. 

John Young, a senior systems engineer at Presbyterian Health Care Services in
Albuquerque, N.M., also is implementing EMR throughout his organization. He
is tying several clinical systems and a McKesson PACS together.

“EMR  and  PACS  has  had  a  200TB  impact  on  our  storage,” 
Young  says.  “We  are  experiencing  a  20%  growth  rate  per 
year.  When  we  have  to  retain  data  for  up  to  20  years,  it’s  a 
major  issue  to  deal  with.” 

Presbyterian Health Care Service stores its medical data on an IBM Enterprise
Storage Server and two DS4400 storage arrays with 7TB to 8TB of storage,
which cost his organization about $1.2 million to implement.

Three to six months of PACS and EMR data is initially stored on an IBM
Enterprise Storage Server at Presbyterian Health Care Services. As the data
ages, it is moved to the DS4400s for 12 to 18 months. Finally, it is archived
on an IBM 3590 Limited Tape Open tape library with IBM Tivoli Storage Manager.

“From  a  technical  perspective,  we  have  seen  benefits 
from  implementing  this  SAN,”  Young  says.  “We  now  have 
storage  on  demand,  easier  maintenance,  standardization 
and  time  savings.” 
E-MAIL NEWSLETTER SHOWCASE: WIRELESS IN THE ENTERPRISE


The  good,  the  bad,  the  unknown  about  mesh 


BY  JOANIE  WEXLER 

It seems I just got started on my musings about using mesh Wi-Fi for public
network services last week (see www.networkworld.com, DocFinder: 1229), and
suddenly I had reached the end of my allotted word count. So here are a few
other points of interest on this topic:

• For public safety purposes, Wi-Fi offers good bandwidth. But by itself, it
isn’t an optimum technology for speeding down the street after suspects at
100 mph. Check that your provider has built in fast roaming and handoff into
its mesh routing algorithm and at what speeds mobile mesh devices can
communicate, both with one another and back to stationary access points. If
these capabilities aren’t present, you may also need special tracking
software at the back end and client/server mobility software from IBM,
Ecutel, NetMotion Wireless, Padcom or other “session-persistence” vendor.

For more static scenarios, such as a crime scene or fire, Wi-Fi holds more
promise. Start-up PacketHop, for example, contends that it gets around the
whole infrastructure interference and overload issue during an emergency by
outfitting all public safety emergency responders with mesh software that
turns their Wi-Fi devices into instant but temporary local Wi-Fi mesh
networks that can operate with or without a Wi-Fi access point. Members of
the ad hoc group are both clients and backbone devices, communicating video
and whiteboard drawings to one another of exactly where personnel are needed.

•  Some  Wi-Fi  mesh  vendors 
support  slots  for  WiMAX  (which 
supports  QoS  in  the  standard  and 
will  run  in  licensed  bands)  and 
the  4.9-GHz  band,  which  has 
been  set  aside  for  public  safety 
applications.  A  couple  questions 
here:  Which  network  operators 
can  get  2.5GHz  licenses?  Sprint 
Nextel owns most of the 2.5 GHz spectrum for which WiMAX equipment is
initially being built in the United States. And won’t the shift to 4.9GHz
blow the economies of scale and interoperability benefits that Wi-Fi has
already established?

Note that early WiMAX equipment is also being built for the 3.5-GHz band for
regions outside the U.S., and Intel is lobbying in Washington to get slices
of 3.650GHz set aside in North America for WiMAX. No report on its success so
far, but equipment designed for 3.5GHz should also work in 3.650GHz,
according to Intel.

Wexler is an independent network technology writer/editor in Silicon Valley.
She can be reached at joanie@jwexler.com.






MANAGEMENT STRATEGIES

CAREER DEVELOPMENT ■ PROJECT MANAGEMENT ■ BUSINESS JUSTIFICATION

How  to  buy  storage 

An  expert  offers  best  practices  for  purchasing  storage,  from  drives  to  SANs. 


BY  BILL  PELDZUS 


Do storage vendors really sell hardware anymore? I’d say no. They sell solutions, value-add services, software, maintenance and so forth. Whatever they call it, you still need to store, protect, back up and archive your data on something.


Like  many  consultants,  I  previously 
worked  as  an  IT  director  and  a  vendor. 
When  I  made  a  fairly  significant  career 
move  to  a  storage  vendor,  I  remember  my 
datacenter  compatriots  remarking  that  I 
was  going  over  to  the  dark  side. 

The contrast between the customer and vendor sides of the purchasing table is amazing. I quickly realized how many $1 million-plus storage purchases I had made where I left something — many times a significant something — on the table. The bottom line: It’s all about leverage; when you have it as a customer, you need to use it.

There are hundreds of tips and techniques to get the most out of your next storage purchase, but the advice that follows is a good starting point. It’s often about more than just lowering the overall price. I’m not advocating negotiating deal after deal in which the vendors lose money — that’s not good for either party.

Margins can be pretty significant, however, sometimes well over 50% on list price. If you can get more when you’re spending big bucks, it can make you a hero in many eyes, from the CFO to the CTO.

Understand  the  objectives 

When making a large storage purchase, the two most important internal responsibilities are to create and follow a detailed process, and to have the subject-matter expertise necessary to keep you from being led in the wrong technology or product direction.

The bigger the purchase, the more leverage you have. Chances are you won’t have a lot of influence when you are negotiating a purchase of additional disk drives to put into an existing storage array.

On the other hand, you’ll get a lot of attention from vendors if you are migrating a large server farm or data center with direct-attached storage into a consolidated storage-area network (SAN). For big companies, such a purchase typically costs in the seven-figure range. Understand your leverage in the purchasing process and take control from start to finish.

Have  realistic  expectations 

It’s absolutely amazing the amount of time and resources that the purchase process and procedures take. At a high level, the tasks include selecting participating vendors, finalizing confidentiality and non-disclosure agreements, and distributing an intent to respond (ITR), which is the first document that goes out to vendors about your purchase.

The ITR provides your expectations for the project, establishes the ground rules for communications, and schedules the multiple vendor meetings and presentations. Program and project management can be a full-time job. From start to finish, including providing adequate time for responses, a midsize purchase project can take two months or more.

Know  your  requirements 

An RFP is the cornerstone of a large storage purchase. Too often, RFPs ask about technology rather than dictating it — an important difference. Also, too often overlooked are the time and the subject-matter expertise and experience it takes to write an effective RFP. Mapping your requirements to available technologies is crucial.

A  storage  reference  architecture,  which 
notes  the  current  and  desired  future  state  of 
the  storage  environment,  is  essential  to  a 
successful  purchase. 

If you don’t have a good understanding of what you want, take a step back and distribute a request for information (RFI). The RFI will help you decide on the best technology product and then will act as the homework required to make the future-state storage reference architecture rock-solid.

If you don’t take the time upfront to do this, it is highly probable the project will fail. As an example, how can anyone effectively rank and gauge an RFP response when one vendor is proposing a Fibre Channel SAN and the other is proposing a storage network based on iSCSI? How can those two proposals be compared when the technologies are fundamentally different? A solid reference architecture will ensure that all proposals are based upon the same technology set, fostering an apples-to-apples comparison.


Secrets  to  a  successful  RFP 

• Ensure enough time and resources are dedicated to the overall purchasing process.

• Dictate the solution through a storage reference architecture.

• Before distributing the RFP, determine how you'll evaluate the responses against your requirements.

• Require line-item pricing in the proposals.

• Word your questions as specifically as possible, requiring a "yes" or "no" response where appropriate.


Don’t be apprehensive about requiring line-item pricing, and make sure you weigh and rank your questions and responses before you distribute an RFP. While they may seem like simple common sense, both these steps are frequently overlooked.

To vendors, line-item pricing is like fingernails scraping on a chalkboard. They don’t want to tell you the price of everything they are proposing, because it reveals where the margins are and what makes up the overall price.

You will be amazed at the fluctuations in price among similar (or even exactly the same) components from different vendors, including disk drives, cache, maintenance and software licensing structures.

For example, some storage-array vendors price replication software based on the total amount of storage in the array, but others base it either on volume tiers or on just the total amount of storage being replicated. Another example of fluctuation is the duration and cost of software maintenance. Maintenance in a hardware purchase can vary from as little as 90 days to as much as three years.

Recognize that there are questions in your RFP that are just informational and others that are fundamental to your requirements for features and functionality. Make sure you prioritize your questions — from most important to nice to know — according to how much weight their answers will carry. Doing this will greatly assist your analysis of proposals and dramatically speed your decision-making process.

There are so many more tips and techniques to discuss, but column size constraints don't allow exploring those now. I often speak at storage trade shows on this topic, and hope to see you at one soon.

In summary, when embarking on your next storage purchase, determine the resources, time, and effort that it will take. Use outside help if necessary. Quantifying the return on investment to your management isn't difficult - I've seen as much as ten times ROI on larger deals. Analogous to your old school days, the more time you invested in studying for a test, the better your test scores were.

Understanding the process and putting in the time up front will yield many benefits. Even more importantly, all this up-front work will make your overall job easier, both before the check is cut and after the stuff shows up on the dock.

Peldzus  is  director  of  storage  architecture 
at  GlassHouse  Technologies.  He  has  more 
than  20  years  of  storage  experience,  leads 
large  consulting  engagements,  and  speaks 
and  writes  often  on  storage  topics.  He  can 
be  reached  at  bpeldzus@glasshouse.com. 
Do's and don'ts

Get successful strategies for building an RFP team, interacting with vendors, writing the RFP, evaluating the results and viewing product demonstrations.














“His column was so accurate that I sometimes wondered if Charlie was looking over my shoulder. Tonight I feel that the IT world has become a smaller, darker place.”


Shannon 

continued  from  page  1 

under  every  desk  at  Digital 
Equipment  Corporation,”  as  one 
poster  put  it. 

A Vietnam veteran, Shannon started out in IT in the 1970s, operating an IBM System 360. He bought his first VAX in 1982 and wrote the first VAX/VMS user manual. Over the years, he was a writer for DECpro and Digital Review, as well as an independent analyst, newsletter writer and a frequent speaker at Digital user group conferences all over the world.

After Digital ceased to exist, his “Shannon Knows DEC” newsletter morphed into “Shannon Knows Compaq” and most recently “Shannon Knows High Performance Computing.” His last post was a short report on HP’s quarterly dividend. Shannon died later that day at age 52.

His friend Ken Farmer, who hosts a number of Web sites, including
Shannon’s, got the news a few days later. Farmer kept the message
board open and encouraged people to contribute.

“I decided to convert his site from a news site to a place where
people can put their condolences, and I decided to surround it with
things important to him. It only makes sense [to create an online
memorial] when the other side of the globe becomes your local town,”
he says.

Jeffrey Cole, director of the University of Southern California’s
Center for the Digital Future in Los Angeles, adds, “This is just
another example of how the Internet is changing the nature of
everything and the rules of time, distance and memory. A memorial is
no longer in a depressing cemetery where only fewer and fewer see it
or a service that fades quickly. The Internet brings together audio,
video and text in an international memorial that stands the test of
time.”

Today Shannon’s site includes a lengthy bio, copies of his past
newsletters, pictures and presentations he made at DECUS and
EncompassUS shows. The most moving part of the site, however, is the
comment area, which includes posts from Shannon’s best friend in high
school, people he worked with early in his career, fellow Vietnam
vets, friends that he met at DECUS events and admirers of his
newsletter.

On  June  3,  the  posts  started 
showing  up.  Here  are  some 
excerpts: 

“Charlie Mateo was the very best at what he did. He was a
technologist, an analyst and a muckraker; and nobody could get
information the way that Charlie did. His column was so accurate that
I sometimes wondered if Charlie was looking over my shoulder. Tonight
I feel that the IT world has become a smaller, darker place.”

“There are few things in my life that I regret, and those are only
things that I’ve not done. I regret not having known Terry better
than I did. I regret not having met him. I regret having only been an
acquaintance and not a friend.”

“The world is a little less bright without Terry in it. The VMS
community has lost another advocate and sadly I have lost a friend to
a war that never ended.”

“Sorry  to  read  of  Terry’s  passing. 
I  guess  I’ll  be  riding  the  train  to 
Perth  alone.” 

On  June  4, Terry  Shannon’s 
brother  Scott  expressed  his 
appreciation: “Terry’s  family  is 
overwhelmed  by  all  of  your  kind 
words,  thoughts  and  prayers.  He 
touched  so  many  people  in  so 
many  ways  —  it  pleases  us  to 
know  how  many  people  cared 
about  him.  He  had  a  tremendous 
mind,  a  unique  sense  of  humor 
and  will  be  missed  by  all  of  us.” 

On June 18, an admirer wrote a small story in Wikipedia (see it at
www.networkworld.com, DocFinder: 1232).

On Aug. 12, Shannon’s best friend from high school posted this:
“Terry (T.C.) and I were friends since high school in Syracuse, N.Y.
He was my closest friend for a long time. That’s a


Wireless  LANs 
historical patterns to create a “threat assessment score” for the new
device, according to AirDefense executives.

The  new  data  store  also  makes  it  possible  to 
boost  the  number  of  wireless  devices  that  can 
be  managed  by  a  factor  of  five,  to  10,000  sen¬ 
sors  and  300,000  devices. 

Also  new  is  a  client  program  that  can  be 
downloaded  to  corporate  laptops,  where  it 
can  enforce  a  range  of  WLAN  security  policies 
when  users  are  tapping  into  public  wireless 
hot  spots  or  a  home  WLAN. 

AirDefense  Enterprise  pricing  remains  un¬ 
changed, with  sensors  at  about  $1,000  each, an 
entry-level  security  appliance  for  $5,000  and  a 
high-end  version  for  $12,000. 

Bluesocket manages

Bluesocket last week unveiled changes to its BlueSecure Controller
line and its BlueView Management software.

BlueSecure 5.1 now enables the twin radios in the company’s access
points to continuously cycle between data traffic and RF monitoring.
From this data, the controller creates a constantly changing picture
of what’s going on in the radio waves. New algorithms, for example,
can detect that activity on channel 6 of a given access point
indicates interference from some other radio source. The controller
can then change the channel assignment of that access point.

Another algorithm helps the controller balance the number of clients
on a given access point, causing some to reassociate with a
neighboring access point. Another new feature is support for 802.11i
key caching for mobile clients, such as wireless VoIP phone users.

The  initial  user  authentication  in  effect  is 
stored  and  reused  as  the  phone  moves  from 
one  access  point  to  another,  instead  of  a 
time-consuming  re-authentication  being 
needed  with  each  move. 

The  BlueView  management  software, Version 
2.2,  now  uses  techniques  to  locate  each  wire¬ 
less  device  and  plot  its  location  on  a  floor 
plan.  Company  officials  say  accuracy  is  within 
about  a  20-foot  circle. 

The  company  has  now  incorporated  Check 
Point’s  Integrity  Clientless  Security  software  in 
BlueSecure  5.1.  Check  Point  technology  can 
be  used  on  wireless  laptops  or  handhelds 
without  having  to  download  a  client  program. 
Only  if  the  devices  meet  the  security  policies 
are  they  allowed  to  complete  their  connection 
to  the  WLAN. 


The  new  software  release  is  available  now,  as 
is  the  new  version  of  BlueView,  which  still  costs 
about  $10,000. 

Aruba  Wireless  Networks  is  making  several 
changes  to  support  VoIP  users  on  its  WLAN 
access  points  and  controllers.  The  controller 
already  runs  a  stateful  firewall  that  can  in¬ 
spect  each  wireless  packet. 

In  the  new  release,  the  firewall  can  now 
“see”  the  specifics  of  several  voice  protocols: 
session  initiation  protocol  (SIP),  Cisco’s 
Skinny  Client  Control  Protocol,  and  proto¬ 
cols  from  wireless  VoIP  vendors  Spectralink 
and  Vocera. 

The new software release, for example, can be used to collect
information about voice packets to identify the number of calls on a
given access point and then deflect new calls to another access
point, if available. This load balancing preserves adequate bandwidth
for each call. Also new is the software’s ability to identify a user
device as voice-capable and then limit it to accessing, for example,
only the SIP PBX.

Another  change  minimizes  the  chance  of 
calls  being  disrupted,  by  stopping  Aruba  ac¬ 
cess  points  from  taking  time  out  to  do  RF 
scanning  while  a  call  is  in  progress. 

Version  2.5  of  the  controller  software  is 
scheduled  to  be  available  later  this  month.  ■ 


whole  lot  of  years  ago  and  so  I 
have  also  lost  an  ‘old’  friend.” 

On Sept. 16, the Digital field engineer who delivered that new VAX to
Shannon in 1982 logged on. “We had a special relationship and shared
lots of good times over the years. I will miss him terribly.”

On Nov. 15, a co-worker revealed the origins of the Charlie Mateo
pseudonym. “I worked with Terry at Digital Review from 1985 to 1987;
in fact, my first task, after being hired as an editorial assistant
fresh out of college, was editing an article by Terry which I think
we published under the byline “Charles Mateo,” since he was not yet
officially working for us! I’ll always have fond memories of Terry’s
sense of humor, prodigious vocabulary and friendship.”

The  number  of  new  posts  has 
slowed,  but  Farmer  says  he  has 
no  plans  to  take  down  the  site. 

And Scott Shannon says the site “gave me some insight as to the
number of friends and contacts that he had touched in one way or
another that I would never have known about or had any way to let
them know he had passed away.”

He adds that he went back and checked for new posts for about a month
and “was able to incorporate some of the thoughts posted there in the
remarks I made at a memorial attended by our family in July when we
dispersed his ashes from a sea plane flying over the Adirondack
Mountains in northern New York.” ■


Got  great  ideas? 


■ Got a suggestion for a Wider Net story? An offbeat network
industry-related topic? A fascinating personality we should profile?
Contact Bob Brown with your ideas at bbrown@nww.com.


What’s Your Skype IQ?

True  or  false? 

1.  Skype  is  a  free,  rogue,  Internet  VoIP  service  for  geeks. 

2.  Skype  call  quality  is  minimal,  barely  usable. 

3.  Skype  supports  more  than  just  VoIP  calling. 

4.  Skype  is  a  bandwidth  hog. 

5.  Skype  works  with  any  Internet  VoIP-based  softphone. 

See  answers  below 


1: Mostly false. Skype is a legitimate business, now wholly owned by
eBay, that has captured a significant portion of international voice
calling. Self-selected users place softphone-based calls for free.
Calls originate and terminate via the Internet. Users otherwise pay
nominal fees (upfront) for receiving and placing calls off-Internet
to and from the PSTN.

2: False. Lab testing has found that Skype call quality is very good,
comparable to that delivered by most major IP-telephony vendors’
softphones. With minimal network impairments (packet loss, latency,
etc.), Skype call quality earns an MOS rating of 4.0 or more. With
moderate network impairments, call quality drops to 3.6 or 3.7. With
substantial impairments, call quality can become barely usable, but
users can then revert to instant messaging.

3: True. The Skype service and software provide secure, encrypted
instant messaging and conferencing and file transfer. Skype 2.0, now
in beta, adds video support, and testing shows it’s fully
backward-compatible with the current Version 1.4.

4: Mostly false. Observations of Skype traffic over protracted
periods show that a Skype voice conversation takes about 33K to
46Kbps of bandwidth in each direction. That’s similar to an
efficiently encrypted G.729-encoded VoIP stream. No standard or
consistent packet size is used by Skype, however, and the size and
duration of voice samples also vary from packet to packet in the
Skype stream.

5: False. Each endpoint must be running Skype PC software. Skype VoIP
streams are encrypted and are widely dynamic in terms of ports used
and call setup.


Skype 

continued  from  page  1 

laptops and PCs sitting on public IPs and behind NAT firewalls. We
then captured and analyzed Skype setups and Real-time Transport
Protocol streams of VoIP calls in various environments, through
numerous firewall and intrusion-prevention system (IPS)
configurations, between enterprise and residential Skype endpoints,
and between subnets on the same enterprise network.

We  assessed  the  state  of  the 
encryption  and  security  of  the 
Skype  messages  and  streams, 


Global  Test  Alliance 


■ Miercom is also a member of the Network World Lab Alliance, a
cooperative of the premier testers in the network industry, each
bringing to bear years of practical experience on every test. For
more Lab Alliance information, including what it takes to become a
partner, go to www.networkworld.com/alliance.

Other members: Mandy Andress, ArcSec; John Bass, Centennial
Networking; Travis Berkley, University of Kansas; Jeffrey Fritz,
University of California, San Francisco; James Gaskin, Gaskin
Computing Services; Thomas Henderson, ExtremeLabs; Christine Perey,
Perey Research & Consulting; David Newman, Network Test; Thomas
Powell, PINT; Joel Snyder, Opus One; Rodney Thayer, Canola & Jones.


■  Network  World  118  Turnpike  Road, 
Southborough,  MA  01772-9108,  (508)  460-3333. 


Periodicals postage paid at Southborough, Mass., and additional
mailing offices. Posted under Canadian International Publication
agreement #40063800. Network World (ISSN 0887-7661) is published
weekly, except for a single combined issue for the last week in
December and the first week in January by Network World, Inc., 118
Turnpike Road, Southborough, MA 01772-9108.

Network World is distributed free of charge in the U.S. to qualified
management or professionals.

To apply for a free subscription, go to www.subscribenw.com or write
Network World at the address below. No subscriptions accepted without
complete identification of subscriber's name, job function, company
or organization. Based on the information supplied, the publisher
reserves the right to reject non-qualified requests. Subscriptions:
1-508-490-6444.

Nonqualified subscribers: $5.00 a copy; U.S. - $129 a year; Canada -
$160.50 (including 7% GST, GST #1266S9952); Central & South America -
$159 a year (surface mail); all other countries - $300 a year
(airmail service). Four weeks notice is required for change of
address. Allow six weeks for new subscription service to begin.
Please include mailing label from front cover of the publication.


looking  for  exposed  information 
that  could  be  useful  to  hackers 
and  susceptible  to  man-in-the- 
middle  interception  and  diversion 
tactics.  We  evaluated  the  security 
of  Skype  Instant  Messaging  and 
file  transfer,  along  with  the  inter¬ 
networking  of  Skype  1.4  and  2.0 
beta.  We  also  tracked  the  effect  of 
Skype  operations,  in  terms  of  CPU 
and  memory  use,  on  laptops. 

Our  testing  shows  that  neither 
Skype  VoIP  nor  Skype  Instant 
Messaging  poses  any  readily 
exploitable  security  threat. We  also 
conducted  a  dozen  private  inter¬ 
views  with  hackers,  enterprise  net¬ 
work  managers  and  leading  net¬ 
work-security-equipment  suppli¬ 
ers,  none  of  which  could  cite  one 
case  of  Skype  being  exploited  for 
insidious  security  assaults. 

Of  course,  next  week  some  vul¬ 
nerability  might  be  exploited.  But 
as  we  go  to  press,  we  believe  that 
Skype  poses  more  worries  about 
what  isn’t  known  than  actual 
security  concerns. 

Because Skype is largely a point-to-point protocol service, the
person you call, or who calls you, can infect communications to you
with, say, worms or viruses. But any standard anti-virus protection
on your PC or laptop should be able to spot and stop these.

Bandwidth is not a big concern either. A Skype voice call uses 33K to
46Kbps of bandwidth in each direction. This is not a lot, and is
typical of an efficient WAN-oriented VoIP vocoding, such as G.729. Of
course, if a few dozen internal users are concurrently running Skype
calls, this could eat up a T-1’s worth of bandwidth.

What should concern IT departments about Skype is not so much the
danger to security but the fact that it can’t be controlled. Our
testing shows that:

•  Skype  works  through  firewalls 
and  symmetric  NATs  (where  a 
unique  external  IP  address  is  asso¬ 
ciated  with  each  internal  user). 
We  tried  a  number  of  commercial 
firewalls,  configurations  and  even 
IPSs,  which  work  based  on  many 
higher-level  traffic-analysis  tech¬ 
niques,  and  we  could  not  prevent 
Skype  from  successfully  establish¬ 
ing  quality  VoIP  phone  calls. 

•  When  Skype  users  download 
the  software,  they  must  consent  to 
the  usage  agreement  that  in¬ 
cludes  a  provision  allowing  Skype 
to  commandeer  their  PC  and  its 
resources.  The  big  fear  is  that  the 
PC  —  ostensibly  an  enterprise 
node  with  private  company  files 
and  communications  stored  on  it 
—  could  become  a  Skype 
SuperNode.  A  Skype  SuperNode  is 
a  commandeered  PC  that  plays  a 
kind  of  proxy  role  in  Skype  call 
setup.  We  saw  no  evidence  of  any 
attempted  takeover  or  use  of  any 
of  the  Skype-loaded  PCs  or  lap¬ 
tops  we  tested.  Conventional  wis¬ 
dom  is  that  a  SuperNode  takeover 
occurs  only  on  nodes  that  main¬ 
tain  a  long-term  presence  with  the 
same  public  IP  address. 

• The main Skype executable program is about 15MB. The installation
puts an icon on a user’s desktop. A user must explicitly launch Skype
to place calls. Whenever a laptop user launches the application,
there is a dialog with the Internet-based Skype controllers. Portions
of that dialog were reliably detected by at least one IPS we tested,
from a vendor we agreed not to name.

Should  Skype  be  stopped? 

We  have  not  found  or  even 
heard  of  any  plausible  claims  of 
inherent  security  threats  or  vul¬ 
nerabilities  associated  with  Skype 
at  this  time. 

Your  decision  to  expend  what 
could  be  considerable  resources 
to  stop  Skype  from  entering  or 
leaving  your  enterprise  network 
or  from  running  on  your  users’ 
PCs  depends  on  your  corporate 
policies  with  regard  to  users 
installing  and  running  it  or  any 
other  unauthorized  programs. 

In our research, we found one major U.S.-based global manufacturer
that has decided to try to exclude Skype from its network.
Technically, the company could not do so (see the story, “Spotting
and stopping Skype: good luck,” at DocFinder: 1247), short of
subjecting all its users’ PCs to periodic scans to detect Skype
software. Even then, it would be possible for a user to go to work,
download Skype, make calls and then uninstall Skype from inside the
enterprise network, all in an afternoon. The company has decided to
arrange for users to make free, Internet-based calls via corporate
network resources as an alternative to Skype.

How do you identify and stop Skype? There will soon be IPS vendors
that will work out a way to reliably spot and stop Skype calls in the
short term. However, as of this writing, there is no vendor we could
find that offered a commercial solution that stops Skype calls
permanently.

Skype is inscrutable: Skype traffic is encrypted, the User Datagram
Protocol and TCP ports it uses vary randomly; even the packet lengths
and VoIP voice sample sizes vary.

We did find a leading security-system vendor that was working on
blocking Skype traffic. We contacted the vendor, which provided us
with its current product, an IPS configured to “control Skype.” The
system could very reliably detect whenever users launched their Skype
applications in preparation for placing or receiving Skype calls.
However, the IPS could not identify or selectively block Skype calls,
which are encrypted and use random port numbers.

Still, by being able to detect when a particular internal user
launches Skype, the IPS could be set to block all traffic to and from
that user’s IP address, effectively blocking Skype (and everything
else) indefinitely or for a predefined period. The IPS vendor in
question is still working on the Skype problem and asked not to be
identified in this story.

Ed Mier is founder, Dave Mier is senior manager of lab testing, and
Mosco is lab tester at Miercom, a network consultancy and product
test center in East Windsor, NJ. They can be reached at ed@mier.com,
dmier@mier.com or amosco@mier.com.


BACKSPIN


Mark  Gibbs 


Avoiding  the  Gray  Area  Problem 


Last week I looked at a proposal called the CP80 Internet Channel
Initiative that is intended to “clean up” the ’Net (see “Putting
lipstick on the Internet porno-pig” at www.networkworld.com,
DocFinder: 1250). As I discussed, this proposal is, at best, a
complete waste of time. At worst, I see CP80 as a dangerous political
tool.

There  has  been  a  lot  of  feedback  on  Gibbsblog  and  in 
letters  to  this  column  on  the  topic,  and  there  are  a  few 
issues  we  need  to  clear  up. 

In Gibbsblog an argument over whether CP80 is censorship came up, and
I had to resort to the dictionary: The American Heritage Dictionary
of the English Language, fourth edition, defines a censor as a
“person authorized to examine books, films or other material and to
remove or suppress what is considered morally, politically or
otherwise objectionable.” The definition of censorship from the same
source is the “act, process or practice of censoring.”

So censorship is the correct term, whether the material is removed or
suppressed. The goal of the CP80 initiative is to reduce
availability, which is suppression, which is censorship. The
technical proposal, the CP80 channels, is not in and of itself a
censorship system; it is merely a poorly conceived mechanism for
making the censorship categorizations apparent. The actual censorship
proposed by the CP80 initiative would be based in law.

In legal categories the problem with censorship and the inadequacy of
CP80 lies. For example, when you try to define pornography the
extremes are easy to determine: Mary Poppins, not porn. Linda
Lovelace (at least pre-1974), porn. But what about Goya’s “The Naked
Maja” or Nabokov’s Lolita or the movie of that same book?

This  is  an  example  of  the  Gray  Area  Problem,  the  prob¬ 
lem  of  defining  which  classification  something  belongs  to 
when  its  attributes  are  not  quantifiable.  Because  of  this, 
the  argument  over  whether  something  is  pornographic 
ends  up  being  based  on  opinions  driven  by  personal,  reli¬ 
gious  and  cultural  prejudices,  so  fairness,  objectivity  and 
rational  thinking  tend  to  get  jettisoned. 

But  in  the  middle  of  the  CP80  issue  is  the  Internet.  Again, 
do  you  realize  how  often  the  Internet  —  and  for  that  mat¬ 
ter  information  technology  —  is  demonized? 

In  the  case  of  CP80  it  is  easy  to  see  the  back  story: The 
goal  is  simply  and  transparently  political. The  various  play¬ 
ers  want  to  get  something  done  about  pornography  and 
the  Internet,  and  CP80  is  just  a  stalking  horse  to  frame  the 
debate  and  garner  political  capital. 

The  channels  that  CP80  suggests  are  meaningless  with¬ 
out  laws  that  have  teeth  to  rein  in  anyone  who  violates 
the  standards  of  a  given  channel  and  whoever  frames 
those  laws  gets  serious  political  clout. 


But  if  you  admit  that  it  is  impossible  to  define  to  the  sat¬ 
isfaction  of  everyone  concerned  what  is  and  is  not  porno¬ 
graphic,  then  we  need  a  strategy  that  avoids  the  Gray  Area 
Problem  and  the  law. 

I  have  an  answer. 

Web content should be classified according to the ethics and morals
of each interest group. So we might have one group that thinks porn
is OK, another that thinks soft porn is OK, another that doesn’t like
soft porn but doesn’t mind South Park, while yet another thinks that
Mary Poppins is a bit racy.

Now  if  we  could  get  Web  sites  to  start  using  a  scheme 
like  the  Platform  for  Internet  Content  Selection  (PICS, 
see  www.w3.org/PICS/),  then  those  people  and  organiza¬ 
tions  that  are  really  careful  will  block  any  site  without  a 
PICS  label. 

Sites with PICS labels would be cross-checked by users against public
databases that would be run by each of the groups. Those sites that
present a rating that a group doesn’t agree with would be identified
in the group’s database as in violation, so on cross-check they would
fail. This would be a reputation system of sorts.

The beauty of this scheme is it doesn’t require any legislation and
makes everyone happy. Whaddya think? Tell backspin@gibbs.com, or jump
into the Gibbsblog discussion at DocFinder: 1249.


NETBUZZ  News, insights and oddities

Looking  to  get  a  grip  on  ‘citizen  media’ 


Paul  McNamara 


If all this newfangled Web content about almost any topic, written by
almost anyone, is going to have serious value (in particular,
business value), somebody has to find a way to organize the
bookshelves.

John Palfrey wants to be one of the librarians. Executive director of
Harvard Law School's Berkman Center for cyberspace research, Palfrey
and colleague Jim Moore have co-founded TopTenSources, a search site
of sorts that promises to help Web users find their way among the
stacks. Palfrey and Moore are also the movers behind RSS Investors, a
new private equity fund focused on information aggregation that last
week issued its first investment as the lead in a $9 million round
for Attensa, a software maker developing an RSS network.

Two guiding principles underlie the TopTenSources approach: Human
beings need to be part of the search process for it to work well, and
less can be more when trying to find the best information.

TopTenSources  will  present  to  visitors  an  array  of  topic-specific  lists  that  do  pretty 
much  what  the  name  implies:  guide  seekers  of  information  to  what  are  judged  to  be  the 
best  Web  sources,  including  blogs,  wikis,  podcasts  and  traditional  news 
outlets. There  are  about  100  lists  at  the  moment,  but  Palfrey  envisions  a 
critical  mass  of  thousands  if  not  tens  of  thousands  springing  up  as  the 
site  matures. 

The  10-best  lists  are  compiled  through  a  combination  of  objective 
measurements  —  visitors,  links,  update  frequency  —  as  well  as  the  sub¬ 
jective  judgments  of  editors  and  researchers  who  will  be  paid  to  keep 
tabs  on  what’s  out  there  pertaining  to  the  topics  at  hand. 

Soon  the  site  will  provide  a  mechanism  for  visitors  to  submit  their  own 
lists,  which  will  supplement  those  generated  by  the  company. 

What’s interesting about the approach is that searches conducted on
the site will be limited in scope in that they will encompass only
those sources that have been judged worthy of inclusion on a TopTen
list.

“We’re hoping to introduce the idea of limited search ... if you
don’t want to see the whole Web but just a group of sites that have
been hand selected,” Palfrey says. “We’re not going to compete with
Google or Technorati or IceRocket, but we can give you some things
based on our methodology that we think might be relevant to your
query.”

But  how  does  all  of  this  guiding,  aggregating  and  community  building  add  up  to  a 
business? 

“We will look for relationships with other parties who are interested
in both sponsoring an area — not advertising necessarily in the sense
of context-specific ads — but sponsoring areas of interest, and also
who are interested in having a sense of what’s going on in the
informal media around a specific field. I think there is a fair
amount of intelligence that we can build up over time by following
specific parts of the citizen media space.”

How are they going to deal with the inevitable complaints from those
who take umbrage at not making a particular TopTenSources list?

“We’ve already been getting them,” Palfrey says. “We want to hear
from people about why they think they ought to be on the list. In a
lot of cases we’ll hear from people who are a wonderful source on a
given topic but for whatever reason they don’t make it through our
methodology into the TopTen list that we’ve already created. So we
may create another one around that person.”

Which  doesn’t  mean  the  squeaky  wheel  is  always  going  to  get  the 
grease,  however. 

"Lobbying  and  that  sort  of  thing  is  not  going  to  help  somebody  get 
on  the  list  if  they  don't  meet  the  criteria,”  he  says. 


Squeaky wheels are always welcome here. The address is
buzz@nww.com.